【问题标题】:Permission Middleware with Laravel 6.6 working on all routesLaravel 6.6 在所有路由上工作的权限中间件
【发布时间】:2020-05-19 02:51:48
【问题描述】:

嗨,我正在做 laravel 项目,当他试图访问一个页面时,我必须检查用户的权限,我的问题是在我创建 Permission 中间件并将其添加到 kernel.php 之后,它会检查权限所有路线,即使我没有在任何路线中调用它。 我不想在所有路由上应用这个中间件,只是其中一些。 这是我的权限中间件代码

namespace App\Http\Middleware;

use Closure;
use Session;
use App\Rules;
use Illuminate\Support\Facades\Route;
use URL;

class Permissions  

 { 

   public function handle($request, Closure $next) {

       $rolename=Session::get('rule_name') ;
       $route = $request->path();

       $hasPermission = Rules::where('rule_name', 'superadmin')->where('allowed_pages', 'like', '%' . $route . '%') ->first();

            if (empty($hasPermission)) {

                echo 'Unauthorized.<a href="' . URL::to('/admin') . '">Go Back</a>';

                die();

            }
        }
    }
}

这是我的路线文件

Route::resource('Login', 'LoginController')->name('index','Login');

Route::resource('Backup', 'BackupController')->name('index','Backup');

如您所见,我没有在这些牵引路线上应用中间件,但中间件正在使用这些牵引路线 这是我的内核代码

    protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
         'Permissions' => \App\Http\Middleware\Permissions::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

我只想通过这样的路由运行这个中间件

Route::group(['middleware' => 'permissions'], function () {
  Route::resource('Backup', 'BackupController')->name('index','Backup');
}

谢谢你提前 最好的问候

【问题讨论】:

  • 不要在web申请创建indivdual和申请单路由

标签: laravel routes laravel-middleware


【解决方案1】:

您在 web 中添加了它,这是 laravel 的默认中间件,这就是它应用于所有路由的原因。

要注册一个中间件,你需要在protected $routeMiddleware = [ ]数组中添加

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,

    //custom middlewares:
    'Permissions' => \App\Http\Middleware\Permissions::class,
];

那么只有

Route::group(['middleware' => 'permissions'], function () {
  Route::resource('Backup', 'BackupController')->name('index','Backup');
}

会有用的

【讨论】:

    【解决方案2】:

    您已将中间件添加到 middelwareGroup web,它将中间件应用于传入的每个请求。

    您需要将中间件添加到路由中间件数组中:docs

    // Within App\Http\Kernel Class...
    
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        ...
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    
        // your own middlewares:
        'Permissions' => \App\Http\Middleware\Permissions::class,
    ];
    

    您可以将中间件应用于特定的路由:

    Route::resource('Login', 'LoginController')->middleware('Permissions')->name('index','Login');
    

    【讨论】:

      猜你喜欢
      • 2016-01-08
      • 2018-09-25
      • 2017-02-16
      • 2019-10-05
      • 2019-08-28
      • 1970-01-01
      • 2020-06-24
      • 2021-07-22
      • 2015-08-08
      相关资源
      最近更新 更多