laravel - 如何在不使用角色的情况下通过管理员保护和普通用户保护访问控制器
问题描述
我需要下载主管张贴的表格。我可以访问该页面,但不能访问表单,因为我无法下载它。它给了我ERR_INVALID_RESPONSE
错误,但主管可以轻松下载它。会不会是中间件有问题?费了好大劲还是下载不了,有知道的大神帮忙看看。
控制器
class DutiesController extends Controller
{
public function assignSupervisor(Request $request, $id)
{
$assignS = new Duty;
$assignS->student_id = $id;
$assignS->user_id = $request->supervisor_id;
$assignS->student_name = $request->student_name;
$assignS->save();
return back();
}
public function assignInstructor(Request $request, $id)
{
$assignS = Duty::where('student_id', $id)->first();
$assignS->admin_id = $request->instructor_id;
$assignS->save();
return back();
}
public function duties($id)
{
$duty = Duty::where('student_id', $id)->orWhere('user_id', $id)->orWhere('admin_id', $id)->first();
return view('Duty.show', compact('duty'));
}
public function assign(Request $request, $id)
{
$assign = Duty::findOrfail($id);
if ($request->hasFile('duty')) {
$this->validate($request, [
'duty' => 'required|file|mimes:pdf,doc'
]);
$fileNameWithExt = $request->file('duty')->getClientOriginalName();
$fileName = pathinfo($fileNameWithExt, PATHINFO_FILENAME);
$extension = $request->file('duty')->getClientOriginalExtension();
$fileNameToStore = $fileName.'_'.time().'.'.$extension;
$path = $request->file('duty')->storeAs('public/duty', $fileNameToStore);
$assign->duty = $fileNameToStore;
}
$assign->marks = $request->marks;
$assign->save();
return back();
}
public function getduty($id) // my download function
{
$download = Duty::findOrfail($id);
return Storage::download("/public/duty/".$download->duty);
}
public function assignSupervisorInstructor()
{
$users = User::with('campus')->where('role_id', 4)->get();
$supervisors = User::with('campus')->where('role_id', 2)->get();
$instructors = Admin::where('role_id', 3)->get();
return view('Assigning.index', compact('users', 'supervisors', 'instructors'));
}
}
路线
Route::group(['middleware' => 'auth:web,admin'], function () {
//Now this routes can be accessible by both admin as well as
Route::get('/duties/downloads/{id}', 'DutiesController@getduty');
Route::post('/duties/assign/{id}', 'DutiesController@assign');
Route::get('/duties/myduties/{id}', 'DutiesController@duties');
Route::get('/duties/mydutty/{id}', 'DuttyController@duties');
Route::post('/duties/{id}', 'DutiesController@assignSupervisor');
Route::get('/assign', 'DutiesController@assignSupervisorInstructor');
Route::post('/duties/inst/{id}', 'DutiesController@assignInstructor');
});
刀
<td>
<a href="/duties/downloads/{{$duty->id}}">
<button class="btn btn-success"><i class="fa fa-download"></i> Dowload Document</button>
</a>
</td>
解决方案
我希望这就是您的意思,但这就是我通过中间件区分用户类型的方式。基本上是创建自定义中间件(我想你也可以通过内置功能来实现,但我更喜欢这个),例如:
1)中间件
app/Http/Middleware/CheckUserType.php
::
namespace App\Http\Middleware;
use Auth;
use Closure;
use App\Usergroup;
class CheckUserType
{
/**
* This middleware checks if the user is logged in as a specific type
*
* @var array
*/
public function handle($request, Closure $next, ...$userGroups)
{
if (in_array(UserGroup::where('id', Auth::user()->groupid)->first()->title, $userGroups)) {
return $next($request);
} else {
return response('Unauthorized...', 401);
}
}
}
在我的情况下,我有一个链接到 user->groupid 的 usergroups 表,因此我使用该模型将 id 交叉引用到我在路由器中提供的组标题。但是你可以很明显地修改它。另请注意,我这样做是...$userGroups
为了如果我想在路由器中迭代多个用户类型(见下文)。
2) 在您的内核中注册:然后在app/Http/Kernel.php
: 添加到protected $routeMiddleware
:
checkUserType' => CheckUserType::class
确保包含您的自定义中间件 ( use App\Http\Middleware\CheckUserType;
)
3)路由:所以最后在我的路由器中,我有以下内容:
/**
* @section Routes that require the user to be a Manager or an Administrator
*/
Route::group(['middleware' => 'checkUserType:Managers,Administrators'], function () {
//
});
或者:
/**
* @section Routes that require the user to be an Administrator
*/
Route::group(['middleware' => 'check.usertype:Administrators'], function () {
// User Routes
Route::delete('/users/delete/{id}', 'UserController@deleteUser');
});
推荐阅读
- node.js - Node.js 和 React 之间的 Nginx 套接字代理都在单独的 Docker 容器中运行
- c - 不改变返回地址的缓冲区溢出攻击
- python - 尽管输入了正确的信息,程序总是诉诸“错误登录”
- json - 谁能告诉我时间点是什么以及如何在这个 json 响应中使用它?
- reactjs - React redux 从输入中丢失一个字符
- laravel - laravel updateOrCreate 查询空数据
- android - Kotlin Android Room 数据库删除查询问题
- python - 在组合框中获取所有用户选择的值
- java - entityManager.find 对数据库产生了多少次命中?
- sql - PL/SQL 块以显示表详细信息