时间戳

首页 > 解决方案 > 如何在不使用角色的情况下通过管理员保护和普通用户保护访问控制器

laravel - 如何在不使用角色的情况下通过管理员保护和普通用户保护访问控制器

问题描述

我需要下载主管张贴的表格。我可以访问该页面,但不能访问表单,因为我无法下载它。它给了我ERR_INVALID_RESPONSE错误,但主管可以轻松下载它。会不会是中间件有问题?费了好大劲还是下载不了,有知道的大神帮忙看看。

控制器

class DutiesController extends Controller
{
    public function assignSupervisor(Request $request, $id)
    {
        $assignS = new  Duty;
        $assignS->student_id = $id;
        $assignS->user_id = $request->supervisor_id;
        $assignS->student_name = $request->student_name;
        $assignS->save();

        return back();
    }

    public function assignInstructor(Request $request, $id)
    {
        $assignS = Duty::where('student_id', $id)->first();
        $assignS->admin_id = $request->instructor_id;
        $assignS->save();

        return back();
    }

    public function duties($id)
    {
        $duty = Duty::where('student_id', $id)->orWhere('user_id', $id)->orWhere('admin_id', $id)->first();

        return view('Duty.show', compact('duty'));
    }

    public function assign(Request $request, $id)
    {
        $assign = Duty::findOrfail($id);
        if ($request->hasFile('duty')) {
            $this->validate($request, [
                'duty' => 'required|file|mimes:pdf,doc'
            ]);
            $fileNameWithExt = $request->file('duty')->getClientOriginalName();
            $fileName = pathinfo($fileNameWithExt, PATHINFO_FILENAME);
            $extension = $request->file('duty')->getClientOriginalExtension();
            $fileNameToStore = $fileName.'_'.time().'.'.$extension;
            $path = $request->file('duty')->storeAs('public/duty', $fileNameToStore);
            $assign->duty = $fileNameToStore;
        }
        $assign->marks = $request->marks;
        $assign->save();

        return back();
    }

    public function getduty($id) // my download function
    {
        $download = Duty::findOrfail($id);

        return Storage::download("/public/duty/".$download->duty);
    }

    public function assignSupervisorInstructor()
    {
        $users = User::with('campus')->where('role_id', 4)->get();
        $supervisors = User::with('campus')->where('role_id', 2)->get();
        $instructors = Admin::where('role_id', 3)->get();

        return view('Assigning.index', compact('users', 'supervisors', 'instructors'));
    }
}

路线

Route::group(['middleware' => 'auth:web,admin'], function () {
    //Now this routes can be accessible by both admin as well as
    Route::get('/duties/downloads/{id}', 'DutiesController@getduty');
    Route::post('/duties/assign/{id}', 'DutiesController@assign');
    Route::get('/duties/myduties/{id}', 'DutiesController@duties');
    Route::get('/duties/mydutty/{id}', 'DuttyController@duties');
    Route::post('/duties/{id}', 'DutiesController@assignSupervisor');
    Route::get('/assign', 'DutiesController@assignSupervisorInstructor');
    Route::post('/duties/inst/{id}', 'DutiesController@assignInstructor');
});


<td>
    <a href="/duties/downloads/{{$duty->id}}">
        <button class="btn btn-success"><i class="fa fa-download"></i> Dowload Document</button>
    </a>
</td>

标签: laravelmiddlewareguard

解决方案

我希望这就是您的意思,但这就是我通过中间件区分用户类型的方式。基本上是创建自定义中间件(我想你也可以通过内置功能来实现,但我更喜欢这个),例如:

1)中间件 app/Http/Middleware/CheckUserType.php::

namespace App\Http\Middleware;
use Auth;
use Closure;
use App\Usergroup;
class CheckUserType
{
    /**
     * This middleware checks if the user is logged in as a specific type
     *
     * @var array
     */
    public function handle($request, Closure $next, ...$userGroups)
    {
        if (in_array(UserGroup::where('id', Auth::user()->groupid)->first()->title, $userGroups)) {
            return $next($request);
        } else {
            return response('Unauthorized...', 401);
        }
    }
}

在我的情况下,我有一个链接到 user->groupid 的 usergroups 表,因此我使用该模型将 id 交叉引用到我在路由器中提供的组标题。但是你可以很明显地修改它。另请注意,我这样做是...$userGroups为了如果我想在路由器中迭代多个用户类型(见下文)。

2) 在您的内核中注册:然后在app/Http/Kernel.php: 添加到protected $routeMiddleware: checkUserType' => CheckUserType::class 确保包含您的自定义中间件 ( use App\Http\Middleware\CheckUserType;)

3)路由:所以最后在我的路由器中,我有以下内容:

/**
* @section Routes that require the user to be a Manager or an Administrator
*/
Route::group(['middleware' => 'checkUserType:Managers,Administrators'], function () {
    //
});

或者:

/**
* @section Routes that require the user to be an Administrator
*/
Route::group(['middleware' => 'check.usertype:Administrators'], function () {
    // User Routes
    Route::delete('/users/delete/{id}', 'UserController@deleteUser');
});

推荐阅读