gpt4 book ai didi

php - Laravel 路由 : same routes in two different route groups

转载 作者:行者123 更新时间:2023-12-05 05:16:35 24 4
gpt4 key购买 nike

我目前有两个路线组,其中一个路线组有六个路线,另一个有两条路线(也在前一组中)。

/**
* Foo Routes for admin
*/
Route::group(['middleware' => 'bar:admin'], function () {
Route::put('foo/{uuid}/publish', 'FooController@publish');
Route::put('foo/{uuid}/disable', 'FooController@disable');
Route::put('foo/{uuid}/enable', 'FooController@enable');
Route::delete('foo/{uuid}', 'FooController@destroy');
Route::post('foo', 'FooController@store');
Route::put('foo/{uuid}', 'FooController@update');
});

/**
* Foo Routes for creator
*/
Route::group(['middleware' => 'bar:creator'], function () {
Route::post('foo', 'FooController@store');
Route::put('foo/{uuid}', 'FooController@update');
});

之所以这样拆分是因为creator需要访问admin组中的两条路由,而admin需要所有路由的权限。通过中间件 bar 提供访问权限。

但是,每当我是 admin 并尝试访问第二个路由组中可用的两条路由之一时,我的 bar 类都会拒绝它的请求。它说我必须是 creator 才能访问该路线。这是否意味着路由具有级联行为,其中路由组的最后一个实例是 laravel 使用的?如果是这样,我该如何格式化我的路线以避免这个问题?

代码:

public function handle($request, \Closure $next, ...$permissionRules)
{
.
.
.

$userPermissions = $decodedToken['user']['permissions'];

// If the user does not have every permission defined via route parameters, deny.
foreach ($permissionRules as $permissions) {
if (!in_array($permissions, $userPermissions)) {
return $this->denyResponse();
}
}

// The user has every permission rule defined via route parameters, so allow.
return $next($request);
}

最佳答案

执行此操作的正确方法是自定义您正在使用的中间件 (bar) 以接受多个权限/角色。

一个简单的方法是传递一个以逗号分隔的可接受权限列表,将其转换为一个数组,然后检查 Auth 用户是否具有传递的权限。

要使用您最初给我们的代码,这里有一种实现方式:

首先,为权限组创建一个新的Route Group:

/**
* Foo Routes for admin
*/
Route::group(['middleware' => 'bar:admin'], function () {
Route::put('foo/{uuid}/publish', 'FooController@publish');
Route::put('foo/{uuid}/disable', 'FooController@disable');
Route::put('foo/{uuid}/enable', 'FooController@enable');
Route::delete('foo/{uuid}', 'FooController@destroy');
});

/**
* Foo Routes for creator
*/
Route::group(['middleware' => 'bar:creator'], function () {
// Other Routes available only to Creator permission users
});

/**
* Foo Routes for creator & admin
*/
Route::group(['middleware' => 'bar:creator,admin'], function () {
Route::post('foo', 'FooController@store');
Route::put('foo/{uuid}', 'FooController@update');
});

其次,更新bar中间件,将逗号分隔的字符串转换为数组

public function handle($request, \Closure $next, ...$permissionRules)
{
.
.
.

$permissionRules = explode(',', $permissionRules);

$userPermissions = $decodedToken['user']['permissions']; //Assuming this is an array of the Auth'ed user permissions.

// If the user does not have every permission defined via route
parameters, deny.
foreach ($permissionRules as $permission) {
if (in_array($permission, $userPermissions)) {
// Change this to see if the permission is in the array, opposed to NOT in the array
return $next($request);
}
}

// Made it so that if the permission is NOT found in the array then Deny
return $this->denyResponse();
}

这应该就是您所需要的。希望这对您有所帮助!

关于php - Laravel 路由 : same routes in two different route groups,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50261560/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com