Laravel Auth只验证管理员/超级用户

I'm using Laravel 5 on a Windows dev machine. I want to customize and use the Auth middleware throughout my application, to maintain authentication. My use case is a standard one. There are two (or three) classes of users - Admin and Regular (regular would be all users that are not admin).

我正在Windows开发机器上使用Laravel 5。我想在整个应用程序中定制和使用Auth中间件，以维护身份验证。我的用例是一个标准用例。有两个(或三个)用户类——Admin和Regular(常规是所有非Admin的用户)。

The Admin has the obvious role of backend management, and hence has a separate routing group /admin/, which should redirect an unlogged user to /admin/login. I have set it up like so..

Admin具有后端管理的明显角色，因此有一个单独的路由组/ Admin /，它应该将未登录的用户重定向到/ Admin /login。我是这样安排的。

Route::group(['middleware'=>'auth', 'prefix' => 'admin'], function() {
  Route::get('login','App\AuthController@getLogin');
  Route::post('login','App\AuthController@postLogin');
});

When the login form is posted, how do I ask Auth to add a filter

当登录表单被发布时，我如何要求Auth添加一个过滤器

either that only validate from among those users where 'is_admin' is true?
或者只在“is_admin”为真的用户之间进行验证?
or ask it to first join a User and a UserRoles table to identify only users with an Admin role?
或者让它首先加入一个用户和一个UserRoles表，只标识一个Admin角色的用户?

2 个解决方案

#1

I recommend you to define another middleware that detects if user is admin instead of modifying the auth. Now add this another middleware to your routes that only admins can access.

我建议您定义另一个中间件来检测用户是否为admin，而不是修改auth。现在将这个中间件添加到只有管理员才能访问的路由中。

Add several middleware to route like this

向这样的路由添加几个中间件

Route::group(['middleware' => ['auth','admin']], function() {

Middleware will look something like

中间件看起来是这样的

public function handle($request, Closure $next) {
  if (Auth::user()->role == "admin") {
    return $next($request);
  } else {
    return redirect("/")->withMyerror("You are not authorized for this action");
  }
}

2 个解决方案

#1

更多相关文章

随机推荐