我知道这是很常见的问题,但我陷入了困境。我正在使用Laravel 5.5并开发ERP。在ERP中,某些URL只能由超级管理员访问,所以我创建了一个中间件。
namespace AppHttpMiddleware;
use Closure;
use IlluminateSupportFacadesAuth;
class CheckAdmin
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$user = Auth::user();
if($user->user_role_id == 1) {
return $next($request);
} else {
return redirect('/');
}
}
}
我已经在Kernel.php
中注册了这个中间件
protected $routeMiddleware = [
'auth' => IlluminateAuthMiddlewareAuthenticate::class,
'auth.basic' => IlluminateAuthMiddlewareAuthenticateWithBasicAuth::class,
'bindings' => IlluminateRoutingMiddlewareSubstituteBindings::class,
'can' => IlluminateAuthMiddlewareAuthorize::class,
'guest' => AppHttpMiddlewareRedirectIfAuthenticated::class,
'throttle' => IlluminateRoutingMiddlewareThrottleRequests::class,
'admin' => AppHttpMiddlewareCheckAdmin::class
];
并在路由中对此中间件进行签名
$routes = [
"students" => "StudentsController",
"teachers" => "TeachersController",
"courses" => "CoursesController",
"subjects" => "SubjectsController",
"colleges" => "CollegesController",
"branches" => "BranchesController",
];
Route::group(['middleware' => ['web', 'auth']], function () use ($routes){
Route::match(["get","post"],'/users','UsersController@index')->middleware('admin');
Route::get('/users/status/{id}','UsersController@setStatus')->middleware('admin');
Route::get('/users/delete/{id}','UsersController@delete')->middleware('admin');
Route::match(["get","post"],'/users/add','UsersController@add')->middleware('admin');
Route::match(["get","post"],'/users/edit/{id}','UsersController@edit')->middleware('admin');
Route::match(["get","post"],'/users/view/{id}','UsersController@view')->middleware('admin');
foreach($routes as $route => $class){
Route::match(["get","post"],'/'.$route,$class.'@index');
Route::get('/'.$route.'/status/{id}',$class.'@setStatus');
Route::get('/'.$route.'/delete/{id}',$class.'@delete');
Route::match(["get","post"],'/'.$route.'/add',$class.'@add');
Route::match(["get","post"],'/'.$route.'/edit/{id}',$class.'@edit');
Route::match(["get","post"],'/'.$route.'/view/{id}',$class.'@view');
}
// additions routes
Route::match(["get","post"],'/courses/assign-subjects','CoursesController@assign_subjects');
Route::match(["get"],'/courses/already-assign-subjects/{id}','CoursesController@already_assigned_subjects');
});
此中间件不使用users/*
路由调用。当我在kernel.php
中注册此$middleware
时,它的工作Auth::user()
但每次都会返回null
。那么如何检查登录用户角色呢?我在某处读到,在 L5.5 版本中,Session
constructor
不起作用,那么在中间件中检查用户角色的最佳方法是什么。
要检查中间件admin
您可以使用嵌套中间件
Route::group(['middleware' => ['web', 'auth']], function () use ($routes){
Route::match(["get","post"],'/users','UsersController@index')->middleware('admin');
Route::group(['middleware' => ['admin'], function () use ($routes){
Route::get('/users/status/{id}','UsersController@setStatus')->middleware('admin');
Route::get('/users/delete/{id}','UsersController@delete')->middleware('admin');
});
Route::match(["get","post"],'/users/add','UsersController@add')->middleware('admin');
Route::match(["get","post"],'/users/edit/{id}','UsersController@edit')->middleware('admin');
Route::match(["get","post"],'/users/view/{id}','UsersController@view')->middleware('admin');
foreach($routes as $route => $class){
Route::match(["get","post"],'/'.$route,$class.'@index');
Route::get('/'.$route.'/status/{id}',$class.'@setStatus');
Route::get('/'.$route.'/delete/{id}',$class.'@delete');
Route::match(["get","post"],'/'.$route.'/add',$class.'@add');
Route::match(["get","post"],'/'.$route.'/edit/{id}',$class.'@edit');
Route::match(["get","post"],'/'.$route.'/view/{id}',$class.'@view');
}
// additions routes
Route::match(["get","post"],'/courses/assign-subjects','CoursesController@assign_subjects');
Route::match(["get"],'/courses/already-assign-subjects/{id}','CoursesController@already_assigned_subjects');
});
当管理中间件在web and auth
之外时,它将始终返回 null
希望这有帮助