Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/51154243/

Time: 2020-09-14 17:51:59  Source: igfitidea

How to check user Permissions using Custom Middleware in Laravel

php laravel laravel-middleware

Asked by Gabrielle-M

I'm developing a Laravel ACL system. My base tables are users, roles, permissions and the pivot tables are role_user, role_permission, user_permission.

I want to check user permissions using my custom middleware HasPermission. I have tried this way but it's not working properly. Every user can access all the permissions, whether they have them or not.

Now, how can I solve the issue? Please see my code sample.

My Controller.

function __construct()
{
    $this->middleware('auth');
    $this->middleware('HasPermission:Role_Read|Role_Update|Role_Delete');
}

My Middleware.

class HasPermission
{

    public function handle($request, Closure $next, $permissions)
    {

        $permissions_array = explode('|', $permissions);
        // $user = $this->auth->user();
        foreach($permissions_array as $permission){
            if(!$request->user()->hasPermission($permission)){
                return $next($request);
            }
        }

        return redirect()->back();

    }
}

And my User model method.

public function user_permissions()
{
    return $this->belongsToMany(Permission::class,'user_permission');
}

public function hasPermission(string $permission)
{
    if($this->user_permissions()->where('name', $permission)->first())
    {
        return true;
    }
    else
    {
        return false;
    }

}

Answered by Naveed Ramzan

The best way to do this is to introduce a new service provider, and in that you can check the authorization and permissions.

I made a test project (last year) for DB-driven permissions and I used a service provider.

That's the perfect way to implement it.

Answered by apokryfos

Basically !$request->user()->hasPermission($permission) is saying that if the user associated with the request does not have this permission, the middleware passes; however, this is not what you want. Here's what you should do:

If you need the user to have one of the stated permissions you need to do:

class HasPermission
{

    public function handle($request, Closure $next,$permissions)
    {

        $permissions_array = explode('|', $permissions);
        foreach($permissions_array as $permission){
            if ($request->user()->hasPermission($permission)){
                return $next($request);
            }
        }
        return redirect()->back();
    }
}

If you want the user to have all stated permissions you need to do:

class HasPermission
{

    public function handle($request, Closure $next,$permissions)
    {

        $permissions_array = explode('|', $permissions);
        foreach($permissions_array as $permission){
            if (!$request->user()->hasPermission($permission)){
                return redirect()->back();                        
            }
        }    
        return $next($request);
    }
}

As an added note if you want to do this in a more elegant way you can do:

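class HasPermission
{

    public function handle($request, Closure $next, ...$permissions_array)
    {
        // Function body from above without the explode part
        // (the "one of" variant is shown here; use the "all" loop above if every permission is required)
        foreach ($permissions_array as $permission) {
            if ($request->user()->hasPermission($permission)) {
                return $next($request);
            }
        }
        return redirect()->back();
    }
}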

And

function __construct()
{
   $this->middleware('auth');
   $this->middleware('HasPermission:Role_Read,Role_Update,Role_Delete');
}

If you use commas then the framework will split the string into arguments for you.
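
The difference between the question's loop and the two corrected loops, as an added example that is not part of the original answer: plain PHP 8 without Laravel, where the function names buggyAllows and allows, the mode strings and the three sample users are assumptions constructed for illustration. It also denies when there is no user or when the permission list is empty, two cases the loops above do not cover.

```php
<?php
// Added example: plain PHP 8, no Laravel required. Users and permission sets are constructed.

// The question's loop: returns "allow" as soon as one listed permission is MISSING.
function buggyAllows(array $held, array $required): bool
{
    foreach ($required as $permission) {
        if (!in_array($permission, $held, true)) {
            return true;
        }
    }
    return false;
}

// Corrected decision, fail-closed. 'any' = one of the listed permissions,
// 'all' = every listed permission. $held is null for an unauthenticated request.
function allows(?array $held, array $required, string $mode): bool
{
    if ($held === null || $required === []) {
        return false; // no user, or a route declared with no permissions: deny
    }
    $wanted = array_unique($required);
    $matched = count(array_intersect($wanted, $held));
    return match ($mode) {
        'any' => $matched > 0,
        'all' => $matched === count($wanted),
        default => false, // unknown mode: deny
    };
}

$required = ['Role_Read', 'Role_Update', 'Role_Delete'];
$users = [
    'no permissions' => [],
    'Role_Read only' => ['Role_Read'],
    'all three'      => ['Role_Read', 'Role_Update', 'Role_Delete'],
];

printf("%-16s %-6s %-6s %-6s\n", 'user', 'buggy', 'any', 'all');
foreach ($users as $label => $held) {
    printf(
        "%-16s %-6s %-6s %-6s\n",
        $label,
        buggyAllows($held, $required) ? 'allow' : 'deny',
        allows($held, $required, 'any') ? 'allow' : 'deny',
        allows($held, $required, 'all') ? 'allow' : 'deny'
    );
}
// Guest request and a route with an empty permission list: both denied.
var_dump(allows(null, $required, 'any'), allows(['Role_Read'], [], 'all'));
```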

Answered by Julius Simanavičius

In my case I just added a simple function to get permissions from the database and then check it in the middleware. Check this code:

// Add new function to get permissions from database

public static function user_permissions($user) {
    $permissions = DB::table('permissions')->where('user_id', $user)->first();
    return $permissions;
}

// In Middleware check your permissions

if(Auth::guest())
{
    return redirect('/');
}
elseif(Functions::user_permissions(Auth::user()->id)->user_managment != 1) {
    return redirect('/');
} else {
    return $next($request);
}