How to implement permission based navigation menu in Laravel
As websites and applications become more and more complex, permission management becomes critical. When a user logs in through authentication, we want them to be able to access pages and features to which they have permission, but not to pages and features to which they do not have permission. This article will explain how to implement a permission-based navigation menu in Laravel so that we can easily control what the user can see.
Step 1: Install Laravel and configure the database
If you are already familiar with Laravel, you can skip this step. Otherwise follow these steps to install Laravel:
- Install Composer: If you haven’t installed Composer yet, please follow the official guide to install it first.
-
Install Laravel: Open the terminal and use Composer to install Laravel.
composer global require laravel/installer
Copy after login Configure the database: Set the database connection parameters in the .env file.
DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=your_database_name DB_USERNAME=your_username DB_PASSWORD=your_password
Copy after loginRun migrations: Run database migrations to create the required tables.
php artisan migrate
Copy after login
Step 2: Set up routes and controllers
In this example, we will create a controller named DashboardController and define three routes for it :/dashboard, /users, /roles. Necessary permission checks can be added in the controller's constructor.
<?php
namespace AppHttpControllers;
use IlluminateHttpRequest;
class DashboardController extends Controller
{
public function __construct()
{
$this->middleware(['auth', 'permissions']); // 添加授权中间件
}
public function index()
{
return view('dashboard');
}
public function users()
{
return view('users');
}
public function roles()
{
return view('roles');
}
}Step 3: Set permission rules
Next, we need to define permission rules. We create a file called permissions.php in which we define all the required permissions. You can modify or add more permission rules according to your business needs.
return [
'admin' => [
'dashboard' => true,
'users' => true,
'roles' => true,
],
'editor' => [
'dashboard' => true,
'users' => false,
'roles' => false,
],
'user' => [
'dashboard' => true,
'users' => false,
'roles' => false,
],
];Step 4: Create middleware and register
We need to create a middleware to check the user's permissions. Create a middleware named CheckPermissions in the /app/Http/Middleware directory.
<?php
namespace AppHttpMiddleware;
use Closure;
use IlluminateSupportFacadesAuth;
class CheckPermissions
{
public function handle($request, Closure $next)
{
$user = Auth::user();
$routeName = $request->route()->getName();
if (!$user->hasPermission($routeName)) {
abort(403);
}
return $next($request);
}
}As you can see, the middleware gets the route name from the request and uses the Auth::user() method to check whether the user has permission to access the route. If there is no permission, a 403 Forbidden status will be returned.
Then we need to register the middleware into the application. Open the /app/Http/Kernel.php file and find the $middlewareGroups array. Add a middleware called permissions in the web array.
protected $middlewareGroups = [
'web' => [
// ...
AppHttpMiddlewareCheckPermissions::class,
],
// ...
];Step Five: Create View and Navigation Menu
When creating the navigation menu in the view file, we need to check whether the user has permission to access each link. Use the Auth::user() method to check whether the current user has specific permissions for a feature.
<nav>
<ul>
<li><a href="{{ route('dashboard') }}" @if (!Auth::user()->hasPermission('dashboard'))disabled@endif>Dashboard</a></li>
<li><a href="{{ route('users') }}" @if (!Auth::user()->hasPermission('users'))disabled@endif>Users</a></li>
<li><a href="{{ route('roles') }}" @if (!Auth::user()->hasPermission('roles'))disabled@endif>Roles</a></li>
</ul>
</nav>Step 6: Check permissions
In the user model, we define a method called hasPermission(). This method accepts a route name and then checks whether the user has access to that route.
public function hasPermission($routeName)
{
$role = $this->role;
$permissions = config('permissions.' . $role);
return isset($permissions[$routeName]) && $permissions[$routeName];
}We use the config() function to read the permission rules and check whether the user has access permission to the route. We also use the role attribute in the user model to get the role of that user.
Now we have successfully created a permission-based navigation menu that automatically disables links when the user accesses a prohibited page. Hope this article can help you master how to use Laravel to implement permission-based navigation menu.
The above is the detailed content of How to implement permission based navigation menu in Laravel. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1377
52
Enable root permissions with one click (quickly obtain root permissions)
Jun 02, 2024 pm 05:32 PM
It allows users to perform more in-depth operations and customization of the system. Root permission is an administrator permission in the Android system. Obtaining root privileges usually requires a series of tedious steps, which may not be very friendly to ordinary users, however. By enabling root permissions with one click, this article will introduce a simple and effective method to help users easily obtain system permissions. Understand the importance and risks of root permissions and have greater freedom. Root permissions allow users to fully control the mobile phone system. Strengthen security controls, customize themes, and users can delete pre-installed applications. For example, accidentally deleting system files causing system crashes, excessive use of root privileges, and inadvertent installation of malware are also risky, however. Before using root privileges
Comparison of the latest versions of Laravel and CodeIgniter
Jun 05, 2024 pm 05:29 PM
The latest versions of Laravel 9 and CodeIgniter 4 provide updated features and improvements. Laravel9 adopts MVC architecture and provides functions such as database migration, authentication and template engine. CodeIgniter4 uses HMVC architecture to provide routing, ORM and caching. In terms of performance, Laravel9's service provider-based design pattern and CodeIgniter4's lightweight framework give it excellent performance. In practical applications, Laravel9 is suitable for complex projects that require flexibility and powerful functions, while CodeIgniter4 is suitable for rapid development and small applications.
How do the data processing capabilities in Laravel and CodeIgniter compare?
Jun 01, 2024 pm 01:34 PM
Compare the data processing capabilities of Laravel and CodeIgniter: ORM: Laravel uses EloquentORM, which provides class-object relational mapping, while CodeIgniter uses ActiveRecord to represent the database model as a subclass of PHP classes. Query builder: Laravel has a flexible chained query API, while CodeIgniter’s query builder is simpler and array-based. Data validation: Laravel provides a Validator class that supports custom validation rules, while CodeIgniter has less built-in validation functions and requires manual coding of custom rules. Practical case: User registration example shows Lar
Laravel - Artisan Commands
Aug 27, 2024 am 10:51 AM
Laravel - Artisan Commands - Laravel 5.7 comes with new way of treating and testing new commands. It includes a new feature of testing artisan commands and the demonstration is mentioned below ?
Which one is more beginner-friendly, Laravel or CodeIgniter?
Jun 05, 2024 pm 07:50 PM
For beginners, CodeIgniter has a gentler learning curve and fewer features, but covers basic needs. Laravel offers a wider feature set but has a slightly steeper learning curve. In terms of performance, both Laravel and CodeIgniter perform well. Laravel has more extensive documentation and active community support, while CodeIgniter is simpler, lightweight, and has strong security features. In the practical case of building a blogging application, Laravel's EloquentORM simplifies data manipulation, while CodeIgniter requires more manual configuration.
Laravel vs CodeIgniter: Which framework is better for large projects?
Jun 04, 2024 am 09:09 AM
When choosing a framework for large projects, Laravel and CodeIgniter each have their own advantages. Laravel is designed for enterprise-level applications, offering modular design, dependency injection, and a powerful feature set. CodeIgniter is a lightweight framework more suitable for small to medium-sized projects, emphasizing speed and ease of use. For large projects with complex requirements and a large number of users, Laravel's power and scalability are more suitable. For simple projects or situations with limited resources, CodeIgniter's lightweight and rapid development capabilities are more ideal.
Laravel vs CodeIgniter: Which framework is better for small projects?
Jun 04, 2024 pm 05:29 PM
For small projects, Laravel is suitable for larger projects that require strong functionality and security. CodeIgniter is suitable for very small projects that require lightweight and ease of use.
Which is the better template engine, Laravel or CodeIgniter?
Jun 03, 2024 am 11:30 AM
Comparing Laravel's Blade and CodeIgniter's Twig template engine, choose based on project needs and personal preferences: Blade is based on MVC syntax, which encourages good code organization and template inheritance. Twig is a third-party library that provides flexible syntax, powerful filters, extended support, and security sandboxing.
