我正在使用Laravel 5.5。
我创建了4个中间件,一个是用户角色的中间件。
管理员拥有与员工相同的权利。但是,admin拥有更多权限。
路由文件:
Route::group(['prefix' => 'admin'], function() {
// EMPLOYEE AND ADMIN ROUTES
Route::group(['middleware' => ['admin', 'employe']], function() {
Route::get('showCreationSeance', 'AdministrationController@showCreationSeance');
Route::get('showAjoutCoach', 'AdministrationController@showAjoutCoach');
Route::get('showReservationClient', 'AdministrationController@showReservationClient');
Route::get('showAnnulationClient', 'AdministrationController@showAnnulationClient');
Route::post('creerSeance', 'AdministrationController@creerSeance')->name('admin/creerSeance');
Route::post('ajouterCoach', 'AdministrationController@ajouterCoach')->name('admin/ajouterCoach');
});
// ADMIN ROUTES
Route::group(['middleware' => 'admin'], function() {
Route::get('showCreationActivite', 'AdministrationController@showCreationActivite');
Route::get('showAjoutEmploye', 'AdministrationController@showAjoutEmploye');
Route::post('creerActivite', 'AdministrationController@creerActivite')->name('admin/creerActivite');
Route::post('ajouterEmploye', 'AdministrationController@ajouterEmploye')->name('admin/ajouterEmploye');
});
});
中间件:
class AdminMiddleware
{
public function handle($request, Closure $next)
{
$user = User::getUser(Auth::user()->id_utilisateur);
if(!$user->estAdmin()) {
throw new AuthorizationException();
}
return $next($request);
}
}
class EmployeMiddleware
{
public function handle($request, Closure $next)
{
$user = User::getUser(Auth::user()->id_utilisateur);
if(!$user->estEmploye()) {
throw new AuthorizationException();
}
return $next($request);
}
}
用于中间件的方法:
public function estAdmin() {
$idStatutAdmin = Statut::select('id_statut')
->where('nom_statut', '=', 'ROLE_ADMIN')
->first();
return ($idStatutAdmin->id_statut == $this->id_statut) ? true : false;
}
public function estEmploye() {
$idStatutEmployee = Statut::select('id_statut')
->where('nom_statut', '=', 'ROLE_EMPLOYEE')
->first();
return ($idStatutEmployee->id_statut == $this->id_statut) ? true : false;
}
堆栈跟踪:
Illuminate\Foundation\Exceptions\Handler render
…/app/Exceptions/Handler.php 51
Illuminate\Auth\Access\AuthorizationException
…/app/Http/Middleware/AdminMiddleware.php 25
Illuminate\Foundation\Http\Kernel handle
…/public/index.php 55
问题:为admin和employee定义的路由不起作用,我收到错误:
Symfony \ Component \ HttpKernel \ Exception \ AccessDeniedHttpException
没有消息
虽然管理员的路线只能完美运作。你能告诉我我这样做是否正确吗?
当我以管理员身份连接时,EmployeMiddleware会抛出错误。当我作为员工连接时,AdminMiddleware会抛出错误。
谢谢你的帮助!
用户有id_statut列,只能是ROLE_ADMIN或ROLE_EMPLOYEE。请看以下示例:
$roles = [
'admin' => 2,
'employee' => 1
];
$user = [
'id_statut' => 1
];
if ($user['id_statut'] == $roles['employee']) {
// User is an employee - this code will execute
}
if ($user['id_statut'] == $roles['admin']) {
// User is not an admin - this code will NOT execute
}
if ($user['id_statut'] == $roles['employee'] && $user['id_statut'] == $roles['employee']) {
// User is an employee AND an admin
// This is impossible based on your database structure as id_statut cannot be both 1 and 2
}
一个简单的解决方案是检查用户是否是estEmploye()的员工或更高的权限。例如:
public function estEmploye() {
$idStatutEmployee = Statut::select('id_statut')
->where('nom_statut', 'IN', ['ROLE_EMPLOYEE', 'ROLE_ADMIN'])
->get('id_statut');
return in_array($this->id_status, $idStatutEmployee);
}