Advice needed on using Entrust roles in a single resource controller - Laravel 5

Time: 2021-04-13 10:04:33

I am working on a control panel app where I have several user roles like globaladmin, editors, etc. Now I want to use these roles with a single UserController resource.

For example, globaladmins should be able to perform all RESTful methods, while an editor can only view and update a user.

I know that Entrust comes with middlewares out of the box, which is perfect for what I need. But it works on the routes only (in which case I would need a separate controller for each role).

My UserController looks something like this.

class UserController extends BaseController
{
     protected $viewfolder;

     public function __construct()
     {
        // Checking for role and then assigning the folder name of the views
        $role = User::getRole();
        switch ($role) {
            case 'globaladmin':
                $this->viewfolder = 'globaladmin';
                break;
            case 'editor':
                $this->viewfolder = 'editor';
                break;
            default:
                abort(401, 'Access Denied');
                break;
        }
     }

     public function index()
     {
        if (Entrust::can('view-all-users')) {
            $users = User::all();
        }
        return view($this->viewfolder.'.users.viewuser', compact('users'));
     }

     // Remaining resource methods (bodies omitted in the original post)
     public function create() {}
     public function update() {}
     public function delete() {}
}

I need a middleware in the constructor that would check the user role and then allow the method to be used only if the role has permission to use it. But this should be done in a decent way without any hacks, because I will be using it on other controllers as well.

2 solutions

#1


4  

I assume that you are using the following in your routes file:

Route::resource('users', 'UserController');

In this case, I would suggest that you use one of the middlewares provided by Entrust as a base and retrieve the called method, e.g. if you use EntrustRole:

public function handle($request, Closure $next)
{
    // Third URL segment, e.g. "edit" in /users/1/edit
    $controllerMethod = $request->segment(3);
    $roles = $this->retrieveRequiredRolesForMethod($controllerMethod);
    if ($this->auth->guest() || !$request->user()->hasRole(explode('|', $roles))) {
        abort(403);
    }
    return $next($request);
}

Of course, this is just a hint; you should find a better way to extract the called method, and you still need to implement retrieveRequiredRolesForMethod.
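One way to fill in the hint above, as an added example that is not part of the original answer or of Entrust: a middleware that reads the controller action from the matched route instead of a URL segment and refuses any action it has no entry for. The class name RoleByControllerAction and the role map are assumptions; the map is one reading of the question's rule (globaladmin everything, editor view and update only).

```php
<?php

namespace App\Http\Middleware;

use Closure;

class RoleByControllerAction // hypothetical name, not an Entrust class
{
    // Controller action => roles allowed to call it (assumed mapping).
    // Route::resource dispatches DELETE requests to destroy().
    protected $rolesByAction = [
        'index'   => ['globaladmin', 'editor'],
        'show'    => ['globaladmin', 'editor'],
        'edit'    => ['globaladmin', 'editor'],
        'update'  => ['globaladmin', 'editor'],
        'create'  => ['globaladmin'],
        'store'   => ['globaladmin'],
        'destroy' => ['globaladmin'],
    ];

    public function handle($request, Closure $next)
    {
        $user = $request->user();
        if ($user === null) {
            abort(403);
        }

        // getActionName() returns "Namespace\UserController@index" for
        // controller routes and "Closure" for closure routes.
        $route = $request->route();
        $parts = explode('@', $route ? $route->getActionName() : '');
        $action = count($parts) === 2 ? $parts[1] : null;

        // Deny by default: an action missing from the map is refused, so a
        // newly added controller method is not exposed by accident.
        $roles = $this->retrieveRequiredRolesForMethod($action);
        if (empty($roles) || !$user->hasRole($roles)) {
            abort(403);
        }

        return $next($request);
    }

    protected function retrieveRequiredRolesForMethod($action)
    {
        $known = $action !== null && isset($this->rolesByAction[$action]);
        return $known ? $this->rolesByAction[$action] : [];
    }
}
```

Register the class under a key of your choice in the HTTP kernel's $routeMiddleware array and attach it with $this->middleware(...) in the controller constructor. Entrust's hasRole() accepts an array and, by default, passes when the user holds any one of the listed roles.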

#2


0  

Ah.. I think this will work in your case.

class UserController extends Controller
{
    public function __construct()
    {
        // Each permission middleware runs only for the listed controller methods
        $this->middleware('permission:user_index', ['only' => ['index']]);
        $this->middleware('permission:user_create', ['only' => ['create', 'store']]);
        $this->middleware('permission:user_edit', ['only' => ['edit', 'update']]);
        // 'delete' matches the asker's method name; Route::resource dispatches to destroy()
        $this->middleware('permission:user_delete', ['only' => ['delete']]);
        $this->middleware('permission:user_view', ['only' => ['show']]);
    }
}

Here user_index, user_create, user_edit, etc. are the permissions (entries in the permission table's name field) for the user module.

This will automatically check the logged-in user's ability and will show the page accordingly.
