Laravel 用户是否有权访问某些页面?

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/23158564/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-14 09:23:12  来源:igfitidea点击:

Laravel User permission to access certain pages?

phplaravellaravel-4user-permissions

提问by user3150060

I have created a slug pages as followed :

我创建了一个 slug 页面如下:

   // Create pages table for dynamic pages
   id | slug | title      |   page_template
   0    about    about us     about.blade
   1    contact  contact us   contact.blade

I am going to access them through the following rout:

我将通过以下路线访问它们:

  // could be page/{slug} or only slug inside routes.php
   Route::get('/{slug}', array('as' => 'page.show', 'uses' => 'PageController@show'));

Where I have a PageController , so this allows me to create pages dynamically. referring to the solution here : Laravel Creating Dynamic Routes to controllers from Mysql database

我有一个 PageController ,所以这允许我动态创建页面。参考这里的解决方案:Laravel从Mysql数据库创建到控制器的动态路由

What I also have is roles table :

我还有的是角色表:

   // Create roles table for
   id | name 
   0    user
   1    admin

I also have another table for permission:

我还有另一个表需要许可:

   // permission table 
   role_id | page_id 
     0         0
     0         1
     1         1

This will help me out with setting permission per role type , so for example if you are a user you can only access about page , if you are admin you can access all pages etc..

这将帮助我设置每个角色类型的权限,例如,如果您是用户,则只能访问 about 页面,如果您是管理员,则可以访问所有页面等。

My Question is : how could I make this happen , do I add a filter to my route , that checks if the user can access that slug page? So do I do this inside routes.php or inside filters.php? and how?

我的问题是:我怎么能做到这一点,我是否向我的路线添加了一个过滤器,以检查用户是否可以访问该 slug 页面?那么我是在routes.php 还是在filters.php 中执行此操作?如何?

Thanks for the help

谢谢您的帮助

回答by The Alpha

You need a setup like following. Create classes (models) with four tables (users, roles permissions and permission_role):

您需要如下设置。创建具有四个表(用户、角色权限和权限角色)的类(模型):

Table roles:

roles

id | name (role name)
1  | admin
2  | user

Model Role:

型号Role:

class Role extends ELoquent {

    protected $table = 'roles';

    public function users()
    {
        return $this->hasMany('User', 'role_id', 'id');
    }

    public function permissions()
    {
        return $this->belongsToMany('Permission');
    }
}

Table permissions:

permissions

id | name (permission name)
1  | manage_pages (add/edit/delete)
2  | manage_users (add/edit/delete)
3  | page_about (access allowed to about page)
4  | page_contact (access allowed to contact page)

Model Permission

模型 Permission

class Permission extends ELoquent {

    protected $table = 'permissions';

    public function roles()
    {
        return $this->belongsToMany('Role');
    }
}

Table users:

users

id | username | email           | password | role_id | more...
1  | admin    | [email protected] | hashed   |    1    | more...
2  | user1    | [email protected] | hashed   |    2    | more...
3  | user2    | [email protected] | hashed   |    2    | more...

Model User

模型 User

class User extends ELoquent {

    protected $table = 'users';

    public function role()
    {
        return $this->belongsTo('Role', 'role_id', 'id');
    }

    public function can($perm = null)
    {
        if(is_null($perm)) return false;
        $perms = $this->role->permissions->fetch('name');
        return in_array($perm, $perms->toArray());
    }
}

Table permission_role(pivot table):

permission_role(数据透视表):

id | permission_id | role_id
1  | 1             | 1
2  | 2             | 1
3  | 3             | 1
4  | 4             | 1
5  | 3             | 2
6  | 4             | 2

Once you have this setup then you may create filters or in your class method you may check if a logged in user has specific rule or permission then allow access to a page, otherwise doesn't allow. For example, you may check if a logged in user can access a page using something like this:

完成此设置后,您可以创建过滤器或在类方法中检查登录用户是否具有特定规则或权限,然后允许访问页面,否则不允许。例如,您可以使用以下方式检查登录用户是否可以访问页面:

if(Auth::user->can('manage_pages')) {
    // Let him/her to add/edit/delete any page
}

Since your pages are dynamic and all pages are being shown by showmethod then in your showmethod you may check something like this:

由于您的页面是动态的并且所有页面都按show方法显示,因此在您的show方法中您可以检查如下内容:

public function show($slug = 'home')
{
    // assumed page skug is 'about'
    $permission = 'page_' . $slug;
    if(Auth::user->can($permission)) {
        $page = page::whereSlug('home')->get();
        return View::make('pages.index')->with('page', $page);
    }
}

This is really a big issue and you have to figure it out by your self. I gave you the basic idea with some implementations, now you should extend it.

这确实是一个大问题,你必须自己弄清楚。我给了你一些实现的基本想法,现在你应该扩展它。



P/S: It's not possible to answer everything from the ground but I'm involved with another answer of this same project of your's and I suggested you to implement a permission base (ACL) so I tried to help but you need to try to implement the rest. All the best.

P/S:不可能从根本上回答所有问题,但我参与了您的同一个项目的另一个答案,我建议您实施权限基础 (ACL),因此我尝试提供帮助,但您需要尝试执行其余部分。祝一切顺利。