Original question: http://stackoverflow.com/questions/23158564/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Laravel User permission to access certain pages?
Asked by user3150060
I have created slug pages as follows:
// Create pages table for dynamic pages
id | slug | title | page_template
0 | about | about us | about.blade
1 | contact | contact us | contact.blade
I am going to access them through the following route:
// could be page/{slug} or only slug inside routes.php
Route::get('/{slug}', array('as' => 'page.show', 'uses' => 'PageController@show'));
Where I have a PageController, so this allows me to create pages dynamically. Referring to the solution here: Laravel Creating Dynamic Routes to controllers from Mysql database
What I also have is a roles table:
// Create roles table for
id | name
0 | user
1 | admin
I also have another table for permission:
// permission table
role_id | page_id
0 | 0
0 | 1
1 | 1
This will help me out with setting permission per role type, so for example if you are a user you can only access the about page, if you are admin you can access all pages, etc.
My question is: how could I make this happen? Do I add a filter to my route that checks if the user can access that slug page? So do I do this inside routes.php or inside filters.php? And how?
Thanks for the help
Answered by The Alpha
You need a setup like the following. Create classes (models) with four tables (users, roles, permissions and permission_role):
Table roles:
id | name (role name)
1 | admin
2 | user
Model Role:
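class Role extends Eloquent {
    protected $table = 'roles';

    // Users that hold this role (users.role_id -> roles.id)
    public function users()
    {
        return $this->hasMany('User', 'role_id', 'id');
    }

    // Permissions granted to this role through the permission_role pivot table
    public function permissions()
    {
        return $this->belongsToMany('Permission');
    }
}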
Table permissions:
id | name (permission name)
1 | manage_pages (add/edit/delete)
2 | manage_users (add/edit/delete)
3 | page_about (access allowed to about page)
4 | page_contact (access allowed to contact page)
Model Permission:
class Permission extends Eloquent {
    protected $table = 'permissions';

    // Roles that have been granted this permission (permission_role pivot table)
    public function roles()
    {
        return $this->belongsToMany('Role');
    }
}
Table users:
id | username | email | password | role_id | more...
1 | admin | [email protected] | hashed | 1 | more...
2 | user1 | [email protected] | hashed | 2 | more...
3 | user2 | [email protected] | hashed | 2 | more...
Model User:
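class User extends Eloquent {
    protected $table = 'users';

    // Each user has exactly one role (users.role_id -> roles.id)
    public function role()
    {
        return $this->belongsTo('Role', 'role_id', 'id');
    }

    // True only if the user's role has been granted the named permission
    public function can($perm = null)
    {
        if(is_null($perm)) return false;
        // Collect the names of all permissions attached to the user's role
        $perms = $this->role->permissions->fetch('name');
        return in_array($perm, $perms->toArray());
    }
}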
Table permission_role (pivot table):
id | permission_id | role_id
1 | 1 | 1
2 | 2 | 1
3 | 3 | 1
4 | 4 | 1
5 | 3 | 2
6 | 4 | 2
Once you have this setup, you may create filters, or in your class method you may check whether a logged-in user has a specific rule or permission and then allow access to a page, otherwise don't allow it. For example, you may check if a logged-in user can access a page using something like this:
// Auth::user() is a method call; it returns the logged-in User model
if(Auth::user()->can('manage_pages')) {
    // Let him/her add/edit/delete any page
}
Since your pages are dynamic and all pages are being shown by the show method, in your show method you may check something like this:
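public function show($slug = 'home')
{
    // assuming the page slug is 'about', the permission name is 'page_about'
    $permission = 'page_' . $slug;
    // Auth::user() is null for guests, so check for a logged-in user first
    if(Auth::check() && Auth::user()->can($permission)) {
        // look up the requested page, not a hard-coded slug
        $page = Page::whereSlug($slug)->first();
        return View::make('pages.index')->with('page', $page);
    }
    // no permission: refuse explicitly instead of returning an empty response
    App::abort(403);
}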
This is really a big issue and you have to figure it out by yourself. I gave you the basic idea with some implementations, now you should extend it.
P/S: It's not possible to answer everything from the ground up, but I'm involved with another answer for this same project of yours and I suggested that you implement a permission base (ACL), so I tried to help, but you need to try to implement the rest. All the best.
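The question asks whether the check belongs in routes.php or filters.php. As an added example that is not part of the original answer, here is one way to do the same check in a route filter so it runs before PageController@show. It assumes Laravel 4 and the User::can() method from the answer; the filter name 'page.permission' and the 'login' URL are hypothetical.

```php
<?php
// Added example, not code from the original question or answer.
// Assumes Laravel 4 and the User::can() method defined in the answer.

// filters.php
// 'page.permission' is a hypothetical filter name chosen for this example.
Route::filter('page.permission', function($route, $request)
{
    // Guests have no role: send them to log in rather than calling can() on null.
    // The 'login' URL is an assumption; use whatever your login route is.
    if (Auth::guest()) {
        return Redirect::guest('login');
    }

    // Build the permission name from the route parameter: 'about' -> 'page_about'.
    $permission = 'page_' . $route->getParameter('slug');

    // Deny by default: a slug with no matching permission row for the
    // user's role ends in a 403, including slugs that do not exist.
    if ( ! Auth::user()->can($permission)) {
        App::abort(403);
    }

    // Returning nothing lets the request continue to PageController@show.
});

// routes.php
Route::get('/{slug}', array(
    'as'     => 'page.show',
    'before' => 'page.permission',
    'uses'   => 'PageController@show',
))->where('slug', '[a-z0-9-]+'); // only well-formed slugs reach the filter
```

With the filter attached to the route, every page served through this route is checked in one place, and a new page stays inaccessible until a page_<slug> permission is created and granted to a role.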