我的角色是动态的,并且他们的用户权限也是动态的。我有两种方法可以验证用户是否有权访问特定页面。
方法1
class BaseController extends Controller
{
public function __construct() {
if(!\Auth::user()->IsPredefined) {
$result = $this->ValidateAuthorization();
if(!$result) {
\Auth::logout();
return redirect()->route("login");
}
}
}
private function ValidateAuthorization() {
$ActionName = \Route::getCurrentRoute()->getPath();
switch ($ActionName) {
case "ChangePassword":
$ModuleID = ModuleEnum::AccountManagemenet;
$ActionID = AccountActionEnum::ChangePassword;
return CheckUsePermissions($ModuleID, $ActionID);
}
}
private function CheckUsePermissions($ModuleID, $ActionID) {
$User = MySession::UserPermissions();
foreach($User->UserRolePermissions as $UserRolePermission) {
$CurrentActionID = $UserRolePermission->RolePermission->Permission->ActionID;
$CurrentModuleID = $UserRolePermission->RolePermission->Permission->ModuleID;
if($CurrentActionID == $ActionID && $CurrentModuleID == $ModuleID &&
$UserRolePermission->IsActive == true) {
return true;
}
}
return false;
}
}
方法2
在Request类中使用Authorize方法
public function authorize()
{
return true;
}
困惑
对于动态角色,我这样做:
假设我具有以下权限:
现在,Super Admin
(显然拥有上述所有权限的人)可以创建一个角色,例如,Hotel Manager
并仅分配的权限Manage Hotels
。
现在选择一条路线:
Route::get('/admin/hotels', 'HotelsController@index')->name('admin.hotels.index');
我将其Route Group
与中间件放在一起:
Route::group(['prefix' => '/admin/hotels', 'middleware' => ['permission:manage_hotels']], function () {
Route::get('/', 'HotelsController@index')->name('admin.hotels.index');
Route::post('/', 'HotelsController@create')->name('admin.hotels.create');
});
然后,我将创建一个Permission
中间件:
class Permission
{
public function handle($request, Closure $next, $permission)
{
//if not super admin (super admin role_id is 1)
if(auth()->user()->role_id != 1) {
//explode extra param passed to this middleware (here manage_hotels)
$permission_array = explode('_', $permission);
foreach ($permission_array as $key => $value) {
$permission_array[$key] = ucfirst($value);
}
$permission_name = implode(' ', $permission_array);
$permitted = auth()->user()->role->permissions()->where('name', $permission_name)->first();
if(! $permitted) {
return redirect()->route('admin.dashboard')->withErrors(['error' => ['message' => 'You are not allowed to perform this action.']]);
}
}
return $next($request);
}
}
当然,您需要包装这些路由Admin Middleware
,以确保用户已登录并具有管理员角色。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句