Php 如何根据角色限制Laravel登录?
我正在寻找一种更好、更有效的方法来限制用户基于给定角色登录应用程序。例如,只有具有管理员角色的Php 如何根据角色限制Laravel登录?,php,laravel,Php,Laravel,我正在寻找一种更好、更有效的方法来限制用户基于给定角色登录应用程序。例如,只有具有管理员角色的用户才能登录到应用程序仪表板 这是我的实现 谢谢 用户表 台式播种机 <?php use App\User; use Illuminate\Database\Seeder; class UsersTableSeeder extends Seeder { /** * Run the database seeds. * * @return void
用户才能登录到应用程序仪表板
这是我的实现
谢谢
用户表
台式播种机
<?php
use App\User;
use Illuminate\Database\Seeder;
class UsersTableSeeder extends Seeder
{
/**
* Run the database seeds.
*
* @return void
*/
public function run()
{
$user = new User();
$user->name = "admin";
$user->email = "";
$user->mobile = "";
$user->is_admin = true;
$user->password = bcrypt("");
$user->active = false;
$user->save();
}
}
验证方法
public function authenticate($request)
{
return \Auth::guard()->attempt([
'email' => $request->email,
'password' => $request->password,
],
$request->filled('remember')
);
}
在登录控制器中,重写此方法以限制登录
protected function credentials(Request $request)
{
return array_merge($request->only($this->username(), 'password'), ['is_admin' => 1]);
}
/**
* Get the failed login response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
protected function sendFailedLoginResponse(Request $request)
{
$errors = [$this->username() => trans('auth.failed')];
// Load user from database
$user = User::where($this->username(), $request->{$this->username()})->first();
// Check if user was successfully loaded, that the password matches
// and is_admin not 1. If so, override the default error message.
if ($user && \Hash::check($request->password, $user->password) && $user->is_admin != 1) {
$errors = [$this->username() => "You don't have access to login this system"];
}
if ($request->expectsJson()) {
return response()->json($errors, 422);
}
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors($errors);
}
确保在顶部使用它
use Illuminate\Http\Request;
use App\User;
我认为处理这种情况的最好方法是创建您自己的登录功能,并在该功能中设置如下复选框:
// If the email is registered with a certain role then only allow them further to the login process otherwise return with a proper message
$user = User::where(['email' => $your_email]);
if( $user->role == 'admin' || $user->role == 'agent' ){
// Login mechanism
}
else{
// return redirect with a proper message
}
对于所有进一步的路由,创建一个自定义的中间件
,以检查相同的路由并将其传递到路由中间件
数组。您使用的是角色
列还是是管理员
列?您提到了角色
,但似乎使用了is\u admin
。请您解释一下您发布的代码的错误,什么不起作用?AFAIR这是laravel生成的代码,没有添加任何内容。@Script47我使用的是“管理”列。我实际上会覆盖authenticated
,因为在那里您实际上拥有已登录的用户。
// If the email is registered with a certain role then only allow them further to the login process otherwise return with a proper message
$user = User::where(['email' => $your_email]);
if( $user->role == 'admin' || $user->role == 'agent' ){
// Login mechanism
}
else{
// return redirect with a proper message
}