我正在尝试在项目中添加一个简单的中间件,该中间件检查是否允许用户访问项目。我的方法是:
namespace AppHttpMiddleware;
use Closure;
use IlluminateSupportFacadesAuth;
use IlluminateSupportFacadesDB;
class UserProjectFit
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($request->is('*/projects/*')) {
$projectUserId = DB::table('project_user')
->where('project_id', '=', $request->project['id'])
->where('user_id', '=', Auth::user()->id)
->first();
if (is_null($projectUserId)) {
abort(404);
}
}
return $next($request);
}
}
它基本上有效,但我也有像e这样的路线。G。projects/create
,此处中间件也开始了。这个想法是,中间件仅在URL包含字符串project
和ID e的情况下采取操作。G。…projects/1/…
什么是解决这个问题的好方法?如果我的方法不好,我很乐意阅读您的建议。
您可以使用身份验证门并将它们与角色ID相关联。这可以在AuthserviceProvider中完成。
类似这样的东西
Gate::define('projects_create_access', function ($user) {
return in_array($user->role_id, [1]);
});
我刚刚遵循简单的方法将路线附加到我需要的每条路线上。详细信息是:
路线:
Route::get('projects/{project}', 'ProjectsController@showProjectDashboard')->name('show-project-dashboard')->middleware('UserProjectFit');
中间件:
namespace AppHttpMiddleware;
use Closure;
use IlluminateSupportFacadesAuth;
use IlluminateSupportFacadesDB;
class UserProjectFit
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$projectUserId = DB::table('project_user')
->where('project_id', '=', $request->project['id'])
->where('user_id', '=', Auth::user()->id)
->first();
if (is_null($projectUserId)) {
abort(404);
}
return $next($request);
}
}
kernel.php
protected $routeMiddleware = [
...
'UserProjectFit' => AppHttpMiddlewareUserProjectFit::class
];