Community Learn Tools Library Leisure
search
English
Home > List of blog posts > laravel--通用后台管理系统--权限中间件
Blogger Information
Blog 64
fans 6
comment 2
visits 82821
Special Recommendation
More>
Related recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
laravel--通用后台管理系统--权限中间件
王娇
Original
884 people have browsed it

学习总结

1.通过Auth::user()获取用户的登录信息

2.通过$request->route()->action['controller']获取当前访问路由地址对应的控制器App\Http\Controllers\admins\Home@index

3.通过字符串函数stopos()获取控制器和方法,然后判断是否存在该菜单,菜单是否可用,是否有权限操作菜单

1.权限中间件RightsVerify.php

  2. <?php
  4. namespace App\Http\Middleware;
  6. use Closure;
  7. use Hamcrest\Arrays\IsArray;
  8. //引入数据库查询构造器,链式调用
  9. use Illuminate\Support\Facades\DB;
  10. //引入Auth类,获取当前登录的用户
  11. use Illuminate\Support\Facades\Auth;
  13. use function GuzzleHttp\json_decode;
  15. class RightsVerify
  16. {
  17.     /**
  18.      * Handle an incoming request.
  19.      *
  20.      * @param  \Illuminate\Http\Request  $request
  21.      * @param  \Closure  $next
  22.      * @return mixed
  23.      */
  24.     public function handle($request, Closure $next)
  25.     {
  26.         //获取当前登录用户的用户信息
  27.         $user = Auth::user();
  28.         //获取当前登录用户的角色id
  29.         $gid = $user->gid;
  30.         $gInfo = DB::table('admin_group')->where('gid',$gid)->item();
  31.         if(!$gInfo):
  32.             return response('不存在该角色',200);
  33.         endif;
  35.         //把所有当前用户可用的菜单保存在数组中
  36.         $rights = [];
  37.         if($gInfo['rights']):
  38.            $rights = json_decode($gInfo['rights'],true);
  39.         endif;
  41.         //检查当前用户访问的是哪个菜单,是否有权限访问,是否有该菜单
  43.         $curUrl = $request->route()->action['controller'];//返回当前访问的路由所对应的控制器和方法
  44.         //App\Http\Controllers\admins\Home@index
  45.         $pos = strrpos($curUrl,'\\');//从字符串右边开始查找\在字符串中的位置
  46.         $curUrl = substr($curUrl,$pos+1);
  47.         //Home@index
  48.         $pos = strpos($curUrl,'@');//获取分隔符的位置
  49.         $con = substr($curUrl,0,$pos);//获取要访问的控制器
  50.         $act = substr($curUrl,$pos+1);//获取要访问的方法
  51.         //在数据库中查找对应的菜单
  52.         $curMenu = DB::table('admin_menu')->where('controller',$con)->where('action',$act)->item();
  53.         if(!$curMenu):
  54.             return response('不存在此功能',200);
  55.         endif;
  56.         if($curMenu['status']==1):
  57.             return response('此功能已被禁用,请联系管理员开启此功能',200);
  58.         endif;
  59.         if(!(in_array($curMenu['mid'],$rights))):
  60.             return response('没有权限使用此菜单,请更改权限后使用',200);
  61.         endif;
  62.         // echo '<pre>';
  63.         // print_r($curMenu);
  64.         // exit;
  65.         return $next($request);
  66.     }
  67. }

2.注册权限控制中间件app/kernel.php中的$routeMiddleware属性

  2. <?php
  4. namespace App\Http;
  6. use Illuminate\Foundation\Http\Kernel as HttpKernel;
  8. class Kernel extends HttpKernel
  9. {
  10.     /**
  11.      * The application's global HTTP middleware stack.
  12.      *
  13.      * These middleware are run during every request to your application.
  14.      *
  15.      * @var array
  16.      */
  17.     protected $middleware = [
  18.         // \App\Http\Middleware\TrustHosts::class,
  19.         \App\Http\Middleware\TrustProxies::class,
  20.         \Fruitcake\Cors\HandleCors::class,
  21.         \App\Http\Middleware\CheckForMaintenanceMode::class,
  22.         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
  23.         \App\Http\Middleware\TrimStrings::class,
  24.         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
  25.     ];
  27.     /**
  28.      * The application's route middleware groups.
  29.      *
  30.      * @var array
  31.      */
  32.     protected $middlewareGroups = [
  33.         'web' => [
  34.             \App\Http\Middleware\EncryptCookies::class,
  35.             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
  36.             \Illuminate\Session\Middleware\StartSession::class,
  37.             // \Illuminate\Session\Middleware\AuthenticateSession::class,
  38.             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
  39.             \App\Http\Middleware\VerifyCsrfToken::class,
  40.             \Illuminate\Routing\Middleware\SubstituteBindings::class,
  41.         ],
  43.         'api' => [
  44.             'throttle:60,1',
  45.             \Illuminate\Routing\Middleware\SubstituteBindings::class,
  46.         ],
  47.     ];
  49.     /**
  50.      * The application's route middleware.
  51.      *
  52.      * These middleware may be assigned to groups or used individually.
  53.      *
  54.      * @var array
  55.      */
  56.     protected $routeMiddleware = [
  57.         'auth' => \App\Http\Middleware\Authenticate::class,
  58.         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
  59.         'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
  60.         'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
  61.         'can' => \Illuminate\Auth\Middleware\Authorize::class,
  62.         'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
  63.         'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
  64.         'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
  65.         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
  66.         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
  67.         //注册权限控制中间件
  68.         'rights' => \App\Http\Middleware\RightsVerify::class,
  69.     ];
  70. }

3.在web.php中使用中间件

  2. <?php
  4. use Illuminate\Support\Facades\Route;
  6. /*
  7. |--------------------------------------------------------------------------
  8. | Web Routes
  9. |--------------------------------------------------------------------------
  10. |
  11. | Here is where you can register web routes for your application. These
  12. | routes are loaded by the RouteServiceProvider within a group which
  13. | contains the "web" middleware group. Now create something great!
  14. |
  15. */
  17. Route::get('/', function(){
  18.     return view('welcome');
  19. });
  22. //登录页面
  23. Route::get('/admins/account/login','admins\Account@login')->name('login');//使用name()方法对路由进行命名
  24. //验证码图片
  25. Route::get('/admins/account/captcha','admins\Account@captcha');
  26. //登录操作
  27. Route::post('/admins/account/dologin','admins\Account@dologin');
  29. //后台首页
  30. //调用框架自带的auth中间件判断是否登录,namespace()方法指定控制器的命令空间,group()方法中是一个回调函数,把一组路由写在这个回调函数中
  31. Route::namespace('admins')->middleware(['auth','rights'])->group(function(){
  32.     Route::get('/admins/home/index','Home@index');
  33.     Route::get('/admins/home/welcome','Home@welcome');
  35.     //账号管理
  36.     Route::get('/admins/admin/index','Admin@index');
  37.     //添加账号
  38.     Route::get('/admins/admin/add','Admin@add');
  39. });
Correcting teacher:天蓬老师天蓬老师

Correction status:qualified

Teacher's comments:中间件的功能类似前置方法, 可以理解为构造方法中自动调用的方法
Statement of this Website
The copyright of this blog article belongs to the blogger. Please specify the address when reprinting! If there is any infringement or violation of the law, please contact admin@php.cn Report processing!
All comments Speak rationally on civilized internet, please comply with News Comment Service Agreement
0 comments
Author's latest blog post