我正在使用 spatie/laravel-permission 为我的路线添加权限。
我拥有的其中一条路线可以通过两个权限访问(
earnings
,financial_fund
)。用户无需同时拥有这两种权限即可访问控制器。他可以通过拥有其中一项权限或同时拥有两项权限来访问控制器。
我尝试过写这样的东西。
Route::group(['middleware' => ['can:earnings']], function () {
Route::get('/payment', [PaymentsController::class, 'getAll']);
Route::post('/payment/cash', [PaymentsController::class, 'addCashPayment']);
});
Route::group(['middleware' => ['can:financial_fund']], function () {
Route::get('/payment', [PaymentsController::class, 'getAll']);
Route::post('/payment/cash', [PaymentsController::class, 'addCashPayment']);
});
但是上面的代码只允许具有
can:earnings
权限的用户访问路线,不允许具有can:financial_fund
权限的用户
我也尝试过写这样的东西
Route::group(['middleware' => ['can:earnings,financial_fund']], function () {
Route::get('/payment', [PaymentsController::class, 'getAll']);
Route::post('/payment/cash', [PaymentsController::class, 'addCashPayment']);
});
但这需要当前用户同时存在这两种权限。
如何判断我只希望至少存在其中一项权限?
我发现 Laravel 引入了
canAny
用于刀片模板。有没有办法在定义路由时在 api.php 文件中使用它?
我通过创建一个新的中间件修复了它
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class AuthorizeCanAny
{
public function handle(Request $request, Closure $next, ...$permissions)
{
if (!$request->user()) {
abort(403);
}
$userPermissions = array_map(function ($e) {
return $e['name'];
}, $request->user()->permissions->toArray());
$userPermissionsIntersect = array_intersect($userPermissions, $permissions);
if (!sizeof($userPermissionsIntersect)) {
abort(403);
}
return $next($request);
}
}
将中间件添加到 kernal.php 文件
protected $routeMiddleware = [
...,
'canAny' => AuthorizeCanAny::class,
];
然后在路由器中使用
Route::group(['middleware' => ['canAny:earnings,financial_fund']], function () {
Route::get('/payment', [PaymentsController::class, 'getAll']);
Route::post('/payment/cash', [PaymentsController::class, 'addCashPayment']);
});