我正在尝试在Laravel 5.1中制作一个应用程序。
在我的用户表中,我有三种类型的用户,管理员、代理和农民。在users表中有一个名为user_type_id的列,其中admin是user_type_id=1
,agent是user_type_id=2
,farmer是user_type_id=3
。
管理员有权在代理几乎没有权限的情况下执行所有操作。
问题是,在使用中间件时,我的Authenticate.php和AgentAuthenticate.php中间件文件表现得好像它们是一样的,这意味着代理获得了管理的所有权限。有逻辑错误吗?这是代码。
agentAuthenticate.php(中间件)
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('auth/login');
}
}
if(! $this->auth->user()->user_type != 2) {
return redirect()->guest('auth/login');
}
return $next($request);
}
Authenticate.php
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('auth/login');
}
}
if(! $this->auth->user()->user_type != 1) {
return redirect()->guest('auth/login');
}
return $next($request);
}
routes.php
//guest routes
Route::resource('/farmerPoint','farmerPointController',['only' => ['index', 'show']]);
Route::resource('/crop','cropController',['only' => ['index', 'show']]);
//Admin routes
Route::group(['middleware' => 'auth'], function () {
Route::resource('agent','agentController');
Route::resource('farmer','farmerController');
Route::resource('farmer.crop','farmerCropController');
Route::resource('cropType','cropTypeController');
Route::resource('crop','cropController',['except' => ['index','show']]);
Route::resource('farmerPoint','farmerPointController',['except' => ['index','show']]);
Route::get('/AdminPanel',function(){
return view('frontend.AdminPanel');
});
});
//agent routes
Route::group(['middleware' => 'agent'], function () {
Route::resource('farmer','farmerController');
Route::resource('farmer.crop','farmerCropController');
Route::resource('agent','agentController',['only' => ['index','show']]);
Route::get('/AgentPanel',function(){
return view('frontend.AgentPanel');
});
});
在Authenticate.php
中,它应该是:
if($this->auth->user()->user_type != 1) {
return redirect()->guest('auth/login');
}
因为你想为所有类型不同于管理员的用户进行重定向
在agentAuthenticate.php
中,它应该是:
if(!in_array($this->auth->user()->user_type, [1,2])) {
return redirect()->guest('auth/login');
}
因为你想为所有类型不同于代理的用户进行重定向,但如果用户是管理员,你不想也进行重定向(你提到了Admin has permission to do everything
)