【Question title】: How to access controller via both admin guards and normal user guards without using roles
【Posted】: 2019-07-07 23:41:21
【Question description】:

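I need to download a form posted by the supervisor. I can access the page, but not the form, because I cannot download it. It gives me an ERR_INVALID_RESPONSE error, but the supervisor can download it easily. Could something be wrong with the middleware? I have struggled with this for a long time and still cannot download it; could anyone who knows please take a look?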

Controller

class DutiesController extends Controller
{
    public function assignSupervisor(Request $request, $id)
    {
        $assignS = new  Duty;
        $assignS->student_id = $id;
        $assignS->user_id = $request->supervisor_id;
        $assignS->student_name = $request->student_name;
        $assignS->save();

        return back();
    }

    public function assignInstructor(Request $request, $id)
    {
        $assignS = Duty::where('student_id', $id)->first();
        $assignS->admin_id = $request->instructor_id;
        $assignS->save();

        return back();
    }

    public function duties($id)
    {
        $duty = Duty::where('student_id', $id)->orWhere('user_id', $id)->orWhere('admin_id', $id)->first();

        return view('Duty.show', compact('duty'));
    }

    public function assign(Request $request, $id)
    {
        $assign = Duty::findOrfail($id);
        if ($request->hasFile('duty')) {
            $this->validate($request, [
                'duty' => 'required|file|mimes:pdf,doc'
            ]);
            $fileNameWithExt = $request->file('duty')->getClientOriginalName();
            $fileName = pathinfo($fileNameWithExt, PATHINFO_FILENAME);
            $extension = $request->file('duty')->getClientOriginalExtension();
            $fileNameToStore = $fileName.'_'.time().'.'.$extension;
            $path = $request->file('duty')->storeAs('public/duty', $fileNameToStore);
            $assign->duty = $fileNameToStore;
        }
        $assign->marks = $request->marks;
        $assign->save();

        return back();
    }

    public function getduty($id) // my download function
    {
        $download = Duty::findOrfail($id);

        return Storage::download("/public/duty/".$download->duty);
    }

    public function assignSupervisorInstructor()
    {
        $users = User::with('campus')->where('role_id', 4)->get();
        $supervisors = User::with('campus')->where('role_id', 2)->get();
        $instructors = Admin::where('role_id', 3)->get();

        return view('Assigning.index', compact('users', 'supervisors', 'instructors'));
    }
}

Routes

Route::group(['middleware' => 'auth:web,admin'], function () {
    //Now this routes can be accessible by both admin as well as
    Route::get('/duties/downloads/{id}', 'DutiesController@getduty');
    Route::post('/duties/assign/{id}', 'DutiesController@assign');
    Route::get('/duties/myduties/{id}', 'DutiesController@duties');
    Route::get('/duties/mydutty/{id}', 'DuttyController@duties');
    Route::post('/duties/{id}', 'DutiesController@assignSupervisor');
    Route::get('/assign', 'DutiesController@assignSupervisorInstructor');
    Route::post('/duties/inst/{id}', 'DutiesController@assignInstructor');
});

Blade

<td>
    <a href="/duties/downloads/{{$duty->id}}">
        <button class="btn btn-success"><i class="fa fa-download"></i> Dowload Document</button>
    </a>
</td>

【Discussion】:

    Tags: laravel middleware guard


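    【Solution 1】:

    I hope this is what you meant, but this is how I differentiate user types through middleware. Basically, create a custom middleware (I guess you can also do it via the built-in functionality, but I prefer this), for example:

    1) Middleware: app/Http/Middleware/CheckUserType.php: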

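    <?php

    namespace App\Http\Middleware;

    use Auth;
    use Closure;
    use App\Usergroup;

    class CheckUserType
    {
        /**
         * This middleware checks if the user is logged in as a specific type.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @param  string  ...$userGroups  Group titles that are allowed through
         */
        public function handle($request, Closure $next, ...$userGroups)
        {
            // Look up the group of the current user; a guest or a user whose
            // group row is missing is rejected instead of raising an error.
            $user = Auth::user();
            $group = $user ? Usergroup::where('id', $user->groupid)->first() : null;

            if ($group && in_array($group->title, $userGroups)) {
                return $next($request);
            }

            return response('Unauthorized...', 401);
        }
    }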
    

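    In my case, I have a usergroups table linked to user->groupid, so I use that model to cross-reference the id to the group title I provide in the router. But you can obviously modify this. Also note that I use ...$userGroups, so that I can iterate over multiple user types in the router if I want to (see below).

    2) Register in the kernel: Then register it in app/Http/Kernel.php: add 'checkUserType' => CheckUserType::class to protected $routeMiddleware. Make sure to include your custom middleware (use App\Http\Middleware\CheckUserType;).

    3) Routes: So finally, in my router I have, for example, the following: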

    /**
    * @section Routes that require the user to be a Manager or an Administrator
    */
    Route::group(['middleware' => 'checkUserType:Managers,Administrators'], function () {
        //
    });
    

    Or:

    /**
    * @section Routes that require the user to be an Administrator
    */
    Route::group(['middleware' => 'checkUserType:Administrators'], function () {
        // User Routes
        Route::delete('/users/delete/{id}', 'UserController@deleteUser');
    });
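
An added example, not part of the question or the answer: the `auth:web,admin` group in the question only establishes that some `web` or `admin` account is logged in, so this version of the download action also checks that the caller is recorded on the duty row before streaming the file. It assumes `student_id` and `user_id` refer to the users table and `admin_id` to the admins table, that the model lives at `App\Duty`, and the class name `DutyDownloadController` is hypothetical.

```php
<?php

namespace App\Http\Controllers;

use App\Duty; // assumed model namespace
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Storage;

class DutyDownloadController extends Controller // hypothetical name
{
    public function getduty($id)
    {
        $duty = Duty::findOrFail($id);

        // Only a party to this duty may fetch its file.
        abort_unless($this->callerIsParty($duty), 403);

        // Stored names come from the upload; basename() keeps the path inside public/duty.
        $path = 'public/duty/' . basename((string) $duty->duty);

        // A row without an uploaded file, or a file missing on disk, is a 404.
        abort_unless($duty->duty && Storage::exists($path), 404);

        return Storage::download($path);
    }

    /**
     * True when the logged-in account, on either guard, is the student,
     * the supervisor or the instructor stored on the duty row.
     */
    private function callerIsParty(Duty $duty): bool
    {
        // id() returns null when nobody is logged in on that guard.
        $webId = Auth::guard('web')->id();
        $adminId = Auth::guard('admin')->id();

        // users table: student (student_id) or supervisor (user_id)
        $asUser = $webId !== null
            && in_array((int) $webId, [(int) $duty->student_id, (int) $duty->user_id], true);

        // admins table: instructor (admin_id)
        $asAdmin = $adminId !== null && (int) $adminId === (int) $duty->admin_id;

        return $asUser || $asAdmin;
    }
}
```

The two guards are checked separately because a `users.id` and an `admins.id` can hold the same number while belonging to different people.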
    

    【Discussion】:
