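I am developing a Laravel 8 application with users, roles and permissions. I use Microsoft Azure for user login.
I started by following this tutorial on their website.
I get a comma-separated list of user permissions, specific to each user role, from the permissions MySQL table.
I want the current user to be able to access certain routes depending on the permissions they have.
I store the userPermissions variable in the session like this: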
    public function storeTokens($accessToken, $user, $user_role, $user_permissions) {
        session([
            'accessToken' => $accessToken->getToken(),
            'refreshToken' => $accessToken->getRefreshToken(),
            'tokenExpires' => $accessToken->getExpires(),
            'userName' => $user->getDisplayName(),
            'firstName' => $user->getGivenName(),
            'lastName' => $user->getSurname(),
            'userRole' => $user_role,
            'userPermissions' => $user_permissions,
            'userEmail' => null !== $user->getMail() ? $user->getMail() : $user->getUserPrincipalName(),
            'userTimeZone' => $user->getMailboxSettings()->getTimeZone()
        ]);
    }
I created a new middleware named CheckUserPermissions:
    class CheckUserPermissions
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
         * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
         */
        private $permission;
        // Permissions checker
        public function hasPermissionTo($permission) {
            return in_array($permission, session('userPermissions'));
        }
        public function handle(Request $request, Closure $next)
        {
            // Check user permissions
            if (!$this->hasPermissionTo($this->permission)) {
                return redirect('/')->with('error', 'You do not have permission to access to this section of the application');
            }
            return $next($request);
        }
    }
I registered the above middleware in app\Http\Kernel.php:
    protected $routeMiddleware = [
        //More middleware
        'checkSignedIn' => \App\Http\Middleware\CheckSignedIn::class,
        'checkUserPermissions' => \App\Http\Middleware\CheckUserPermissions::class,
    ];
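The problem
The problem is that I cannot use the policy/gate outside of the controller (even though the current user does have permission to view users).
Doing Route::get('/users', [UsersContoller::class, 'index'])->middleware('checkUserPermissions')->hasPermissionTo('view-users') in routes\web.php does not work: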
    // Dashboard routes
    Route::group(['prefix' => 'dashboard', 'middleware' => ['checkSignedIn']], function() {
        Route::get('/', [DashboardContoller::class, 'index'])->name('dashboard');
        Route::get('/users', [UsersContoller::class, 'index'])->middleware('checkUserPermissions')->hasPermissionTo('view-users');
    });
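It results in the error Method Illuminate\Routing\Route::hasPermissionTo does not exist being shown in the browser.
What am I doing wrong?
Reply from a uj5u.com user:
You cannot access middleware methods in the route definition. Middleware only runs the handle method, so you should keep that in mind when writing your code. Here is how to solve this: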
    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Http\Request;

    class CheckUserPermissions
    {
        private $permission;

        // Permissions checker
        public function hasPermissionTo($permission) {
            return in_array($permission, session('userPermissions'));
        }

        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
         * @param string ...$permissions Permission names given after the colon in the route definition
         * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
         */
        public function handle(Request $request, Closure $next, ...$permissions)
        {
            // Check user permissions: every listed permission must be present
            foreach ($permissions as $permission) {
                if (!$this->hasPermissionTo($permission)) {
                    return redirect('/')->with('error', 'You do not have permission to access to this section of the application');
                }
            }
            return $next($request);
        }
    }
And use the middleware as:
    Route::group(['prefix' => 'dashboard', 'middleware' => ['checkSignedIn']], function() {
        Route::get('/', [DashboardContoller::class, 'index'])->name('dashboard');
        Route::get('/users', [UsersContoller::class, 'index'])->middleware('checkUserPermissions:view-users');
    });
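Anything after the : in checkUserPermissions:view-users is sent as additional arguments to the handle method. You can also send multiple:
    Route::get('/users', [UsersContoller::class, 'index'])->middleware('checkUserPermissions:view-users,see-users,glance-at-users');
Each item in the comma-separated list is an additional array entry in $permissions in the middleware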
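Added example, not part of the original question or answer: a plain-PHP sketch (no Laravel needed) of the same "all listed permissions required" check, hardened so that a missing session value or a comma-separated string denies or parses cleanly instead of breaking in_array. The helper names normalizePermissions, hasAllPermissions and splitMiddlewareSpec are hypothetical, the session values are constructed, and denying when no permission is listed is a choice made here (the foreach in the answer lets the request through in that case).

```php
<?php
declare(strict_types=1);

// Hypothetical helper: turn whatever is stored under 'userPermissions'
// (null, a comma-separated string, or an array) into a clean list.
function normalizePermissions($stored): array
{
    if (is_string($stored)) {
        $stored = explode(',', $stored);
    }
    if (!is_array($stored)) {
        return []; // missing or unexpected value: grant nothing
    }
    $clean = array_map(static fn ($p) => is_string($p) ? trim($p) : '', $stored);
    return array_values(array_filter($clean, static fn ($p) => $p !== ''));
}

// Same rule as the foreach in handle(): every required permission must be held.
function hasAllPermissions($stored, string ...$required): bool
{
    if ($required === []) {
        return false; // route listed no permission: deny rather than allow
    }
    $granted = normalizePermissions($stored);
    foreach ($required as $permission) {
        if (!in_array($permission, $granted, true)) { // strict comparison
            return false;
        }
    }
    return true;
}

// Simplified imitation of how 'name:a,b' becomes the extra handle() arguments.
function splitMiddlewareSpec(string $spec): array
{
    [$name, $params] = array_pad(explode(':', $spec, 2), 2, '');
    return [$name, $params === '' ? [] : explode(',', $params)];
}

// Constructed session values, not taken from the post.
[, $required] = splitMiddlewareSpec('checkUserPermissions:view-users,see-users');
foreach (['view-users, see-users,edit-users', ['view-users'], null] as $stored) {
    $verdict = hasAllPermissions($stored, ...$required) ? 'allow' : 'deny';
    printf("%-40s => %s\n", json_encode($stored), $verdict);
}
```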
