̽Ë÷ Laravel ÖеÄÊÚȨ»úÖƼ°ÊµÏÖÒªÁì
laravel ÊÇÒ»¸öÊ¢ÐÐµÄ php ¿ò¼Ü£¬ÓÃÓÚ¹¹½¨ÖÖÖÖÀàÐ굀 web Ó¦ÓóÌÐò¡£µ±Äú¹¹½¨ web Ó¦ÓóÌÐòʱ£¬ÍùÍùÐèÒª¶ÔÓû§ºÍ×ÊÔ´¾ÙÐÐÖÎÀíºÍ±£»¤£¬Õâ¾ÍÐèÒª¶Ô»á¼ûȨÏÞ¾ÙÐÐÖÎÀí¡£
Laravel ÌṩÁËÒ»ÖÖ¼òÆÓ¶øÓÐÇ¿Ê¢µÄÈÏÖ¤ºÍÊÚȨҪÁ죬¿ÉÒÔÀû±ãµØΪӦÓóÌÐòµÄÓû§¸¶Óë²î±ð¼¶±ðµÄȨÏÞ¡£ÔÚ±¾ÆªÎÄÕÂÖУ¬ÎÒÃǽ«Ì½Ë÷ Laravel ÖеÄÊÚȨ»úÖƼ°×ÅʵÏÖÒªÁì¡£
ʲôÊÇ Laravel ÊÚȨ
ÊÚȨÊÇÖ¸ÔÚÓ¦ÓóÌÐòÖнç˵ºÍʵÏÖ»á¼û¿ØÖƵÄÀú³Ì¡£Õâ°üÀ¨È·ÈÏÓû§ÊÇË¡¢ÑéÖ¤ËûÃǵÄÉí·ÝºÍÈ·ÈÏËûÃÇÊÇ·ñ±»ÊÚÓè»á¼û¹²Ïí×ÊÔ´µÄȨÏÞ¡£
ÔÚ Laravel ÖУ¬ÊÚȨÊÇÖ¸Óû§Äܹ»Ö´ÐеÄÌض¨²Ù×÷»ò»á¼ûµÄÌض¨×ÊÔ´¡£Ëü»ùÓÚÓû§µÄ½ÇÉ«»òÔÊÐí֤ȷ¶¨£¬ÒÔ±£»¤Ó¦ÓóÌÐòÖеÄÃô¸Ð²Ù×÷»ò×ÊÔ´¡£
Laravel ÊÚȨµÄÀàÐÍ
ÔÚ Laravel ÖУ¬ÓÐÁ½ÖÖÀàÐ͵ÄÊÚȨ£ºÖÐÑë¼þÊÚȨºÍÕ½ÂÔÊÚȨ¡£
ÖÐÑë¼þÊÚȨ
ÖÐÑë¼þÊÚȨÊÇͨ¹ý Laravel µÄÖÐÑë¼þ»úÖÆʵÏֵġ£ÖÐÑë¼þÊÇÔÚ HTTP ÇëÇóºÍÏìÓ¦Ö®¼äÖ´ÐеÄÒ»¶Î´úÂ룬¿ÉÓÃÓÚÍê³ÉÖÖÖÖʹÃü£¬ÀýÈçÇëÇóÑéÖ¤¡¢ÊÚȨ¡¢¼Í¼²Ù×÷µÈ¡£
ʹÓÃÖÐÑë¼þÊÚȨʱ£¬Ã¿ÆäÖÐÑë¼þ¶¼¼ì²éÌض¨µÄÌõ¼þ¡£ÈôÊÇÌõ¼þ²»Öª×㣬ÖÐÑë¼þ»á¾Ü¾øÇëÇ󣬲¢ÇÒÄú¿ÉÒÔ½«Óû§Öض¨Ïòµ½µÇ¼ҳÃæ»òÆäËû¹ýʧҳÃæ¡£
Õ½ÂÔÊÚȨ
Õ½ÂÔÊÚȨÊÇÀëÉ¢µÄÊÚȨϵͳ£¬´ú±íÄúµÄÓ¦ÓóÌÐòÖеÄÿ¸öÄ£×Ó¡£Ê¹ÓÃÕ½ÂÔÊÚȨʱ£¬Äú¿ÉÒÔ½ç˵ÿ¸öÄ£×ÓµÄʹÓÃȨÏÞ£¬ÀýÈç¶ÁÈ¡¡¢½¨Éè¡¢¸üкÍɾ³ýÊý¾ÝµÈ¡£
ʹÓÃÕ½ÂÔÊÚȨʱ£¬Äú¿ÉÒÔÉèÖô¦ÀíÊÚȨÂß¼µÄÒªÁì¡£ÈôÊÇÊÚȨ¼ì²éʧ°Ü£¬Laravel »á×Ô¶¯Å׳ö 403 Forbidden Òì³£¡£
Laravel ÊÚȨµÄʵÏÖ
ÖÐÑë¼þÊÚȨ
ҪʹÓÃÖÐÑë¼þÊÚȨ£¬ÇëʵÏÖÖÐÑë¼þ²¢½«ÆäÌí¼Óµ½Â·ÓÉÖС£ÖÐÑë¼þÓ¦¸Ã¼ì²éÌض¨µÄÌõ¼þ£¬²¢ÔÚÌõ¼þ²»Öª×ãʱ×èÖ¹ÇëÇó¡£
ÒÔÏÂÊÇÒ»¸öʾÀýÖÐÑë¼þʵÏÖ£¬Ëü¼ì²éÓû§ÊÇ·ñÓµÓÐÌض¨µÄ½ÇÉ«£º
namespace App\Http\Middleware; use Closure; use Illuminate\Support\Facades\Auth; class RoleMiddleware { public function handle($request, Closure $next, $role) { if (! Auth::user()->hasRole($role)) { return redirect('/home'); } return $next($request); } }
µÇ¼ºó¸´ÖÆ
ҪʹÓÃÆäÖÐÑë¼þ£¬Ç뽫Æä×¢²áµ½ app/Http/Kernel.php ÎļþÖÐµÄ $routeMiddleware ÊôÐÔÖС£
protected $routeMiddleware = [ 'role' => \App\Http\Middleware\RoleMiddleware::class, ];
µÇ¼ºó¸´ÖÆ
ÏÖÔÚ£¬Äú¿ÉÒÔÔÚ·ÓÉÖÐʹÓà role ÖÐÑë¼þÁË¡£
Route::group(['middleware' => ['role:admin']], function () { Route::get('/dashboard', function () { // Your code }); });
µÇ¼ºó¸´ÖÆ
ÉÏÃæµÄ´úÂë»á¼ì²éÓû§ÊÇ·ñÓµÓÐ admin ½ÇÉ«£¬²¢ÔÚûÓÐȨÏÞµÄÇéÐÎÏÂÖض¨Ïòµ½Ö÷Ò³¡£Äú¿ÉÒÔƾ֤ÐèÒªÐÞ¸ÄÖÐÑë¼þʵÏÖ¡£
Õ½ÂÔÊÚȨ
Õ½ÂÔÊÚȨÊÇÓëÄ£×ÓÏà¹ØµÄÀëÉ¢ÊÚȨϵͳ¡£Äú±ØÐè×ñÕÕÒÔϼ¸¸ö°ì·¨À´ÊµÏÖÕ½ÂÔÊÚȨ£º
ÌìÉúÕ½ÂÔ
ʹÓà make:policy ÏÂÁîÌìÉúÕ½ÂÔÀࣺ
php artisan make:policy ArticlePolicy --model=Article
µÇ¼ºó¸´ÖÆ
´ËÏÂÁÔÚ app/Policies Ŀ¼Öн¨ÉèÒ»¸öÃûΪ ArticlePolicy µÄÀà¡£Äú¿ÉÒÔÔÚ¸ÃÀàÖÐÖ¸¶¨Ã¿¸ö Article Ä£×ÓµÄÊÚȨÂß¼¡£
×¢²áÕ½ÂÔ
ÔÚ app/Providers/AuthServiceProvider.php ÎļþµÄ $policies ÊôÐÔÖÐ×¢²áÕ½ÂÔ£º
use App\Article; use App\Policies\ArticlePolicy; protected $policies = [ Article::class => ArticlePolicy::class, ];
µÇ¼ºó¸´ÖÆ
½¨ÉèÊÚȨҪÁì
ÏÖÔÚ£¬Äú¿ÉÒÔÔÚÕ½ÂÔÖÐʵÏÖÊÚȨÂß¼ÁË¡£ÀýÈ磬Äú¿ÉÒÔ½¨ÉèÒ»¸ö¿ÉÒÔ±à¼ÎÄÕµÄÒªÁ죺
public function update(User $user, Article $article) { return $user->id === $article->user_id; }
µÇ¼ºó¸´ÖÆ
ÉÏÃæµÄ´úÂë¼ì²éÄ¿½ñÓû§ÊÇ·ñÊÇÎÄÕÂ×÷Õߣ¬ÈôÊÇÊÇ£¬Ôò¿ÉÒÔÐÞ¸ÄÎÄÕ¡£ÈôÊDz»ÊÇ£¬ÔòÎÞ·¨»á¼ûÎÄÕ±à¼Ò³Ãæ¡£
ÒªÔÚ¿ØÖÆÆ÷ÖÐʹÓÃÕ½ÂÔÊÚȨ£¬ÇëÔÚ»á¼û update ÒªÁì֮ǰŲÓà authorize ÒªÁ죺
public function update(Article $article, Request $request) { $this->authorize('update', $article); // Your code }
µÇ¼ºó¸´ÖÆ
ÉÏÃæµÄ´úÂë»á¼ì²éÓû§ÊÇ·ñÓÐȨÏÞÐÞ¸ÄÎÄÕ£¬ÈôÊÇûÓÐÔò»áÅ׳ö 403 Forbidden Òì³£¡£
×ܽá
Laravel ÌṩÁËÒ»ÖÖ¼òÆÓ¶øÓÐÇ¿Ê¢µÄÊÚȨ»úÖÆ£¬¿ÉÒÔÈÃÎÒÃÇÇáËɵØΪӦÓóÌÐòµÄÓû§½ç˵²î±ðµÄȨÏÞ¼¶±ð¡£ÖÐÑë¼þÊÚȨºÍÕ½ÂÔÊÚȨÊÇ Laravel ÊÚȨµÄÁ½ÖÖÀàÐÍ£¬¿ÉÒÔÓ¦¶Ô²î±ðµÄ³¡¾°¡£
ͨ¹ý±¾ÎĵÄÏÈÈÝ£¬ÐÅÍÐÄúÒѾÕÆÎÕÁË Laravel ÊÚȨµÄ¿´·¨ºÍʵÏÖÒªÁ죬ÈôÊÇÄúÕýÔÚ¹¹½¨Ò»¸öÐèÒª¾ÙÐÐÓû§È¨ÏÞÖÎÀíµÄ Web Ó¦ÓóÌÐò£¬ÕâЩ֪ʶ½«»áÊÇÄúµÄÀûÆ÷¡£
ÒÔÉϾÍÊÇ̽Ë÷ Laravel ÖеÄÊÚȨ»úÖƼ°ÊµÏÖÒªÁìµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡