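I have installed Laravel 5.6.
I want to give a user a demo account that cannot insert or update anything but can view everything.
I don't have a set of roles in my system. I just want to hard-code the user ID somewhere and restrict these operations.
I searched and found many different approaches ( https://laracasts.com/discuss/channels/laravel/protecting-route-for-specific-user ), which go far beyond what I need. I just want to restrict this functionality for a specific user across the whole site.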
| Domain | Method | URI | Name | Action | Middleware |
+--------+-----------+-------------------------------------------------------+---------------------------------+------------------------------------------------------------------------------------+--------------------------------------------------+
| | GET|HEAD | / | | Closure | web |
| | GET|HEAD | _debugbar/assets/javascript | debugbar.assets.js | Barryvdh\Debugbar\Controllers\AssetController@js | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | GET|HEAD | _debugbar/assets/stylesheets | debugbar.assets.css | Barryvdh\Debugbar\Controllers\AssetController@css | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | DELETE | _debugbar/cache/{key}/{tags?} | debugbar.cache.delete | Barryvdh\Debugbar\Controllers\CacheController@delete | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | GET|HEAD | _debugbar/clockwork/{id} | debugbar.clockwork | Barryvdh\Debugbar\Controllers\OpenHandlerController@clockwork | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | GET|HEAD | _debugbar/open | debugbar.openhandler | Barryvdh\Debugbar\Controllers\OpenHandlerController@handle | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | GET|HEAD | api/user | | Closure | api,auth:api |
| | GET|HEAD | giris | | Closure | web |
| | GET|HEAD | horizon/api/jobs/failed | horizon.failed-jobs.index | Laravel\Horizon\Http\Controllers\FailedJobsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/jobs/failed/{id} | horizon.failed-jobs.show | Laravel\Horizon\Http\Controllers\FailedJobsController@show | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/jobs/recent | horizon.recent-jobs.index | Laravel\Horizon\Http\Controllers\RecentJobsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | POST | horizon/api/jobs/retry/{id} | horizon.retry-jobs.show | Laravel\Horizon\Http\Controllers\RetryController@store | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/masters | horizon.masters.index | Laravel\Horizon\Http\Controllers\MasterSupervisorController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/metrics/jobs | horizon.jobs-metrics.index | Laravel\Horizon\Http\Controllers\JobMetricsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/metrics/jobs/{id} | horizon.jobs-metrics.show | Laravel\Horizon\Http\Controllers\JobMetricsController@show | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/metrics/queues | horizon.queues-metrics.index | Laravel\Horizon\Http\Controllers\QueueMetricsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/metrics/queues/{id} | horizon.queues-metrics.show | Laravel\Horizon\Http\Controllers\QueueMetricsController@show | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | POST | horizon/api/monitoring | horizon.monitoring.store | Laravel\Horizon\Http\Controllers\MonitoringController@store | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/monitoring | horizon.monitoring.index | Laravel\Horizon\Http\Controllers\MonitoringController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/monitoring/{tag} | horizon.monitoring-tag.paginate | Laravel\Horizon\Http\Controllers\MonitoringController@paginate | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | DELETE | horizon/api/monitoring/{tag} | horizon.monitoring-tag.destroy | Laravel\Horizon\Http\Controllers\MonitoringController@destroy | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/stats | horizon.stats.index | Laravel\Horizon\Http\Controllers\DashboardStatsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/workload | horizon.workload.index | Laravel\Horizon\Http\Controllers\WorkloadController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/{view?} | horizon.index | Laravel\Horizon\Http\Controllers\HomeController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |

Posted on 2018-04-08 12:16:52
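The quickest way would be to create a simple middleware in which you abort if it is the specific user.
To create the middleware, you can use the artisan command make:middleware.

    php artisan make:middleware LimitUserIdX

In the newly created file (app/Http/Middleware/LimitUserIdX.php), just check whether the authenticated user's id is X, and if it is, abort with error code 403 (permission denied), like this:

    // Needs "use Illuminate\Support\Facades\Auth;" at the top of the file.
    public function handle($request, Closure $next)
    {
        // ID of the currently authenticated user (null for guests)
        $userId = Auth::id();
        if ($userId == 5) {
            abort(403);
        }
        return $next($request);
    }

Change 5 to the user you want to restrict.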
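Edit: I misread the question, so here is a correction.
You should add the newly created middleware to Laravel's global middleware list. Just go to App/Http/Kernel.php and add the class to the $middleware var. This makes Laravel run your middleware on every HTTP request to the application (without having to add it to each route definition).
Then you also need to edit the middleware itself so that it checks the request's method before aborting, like this: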
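
    // Needs "use Illuminate\Support\Facades\Auth;" at the top of the file.
    public function handle($request, Closure $next)
    {
        $userId = Auth::id();
        // Abort only when the restricted user sends something other than a read
        if ($request->method() != "GET" && $request->method() != "HEAD" && $userId == 5) {
            abort(403);
        }
        return $next($request);
    }

https://stackoverflow.com/questions/49717598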
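
An added example, not part of the original answer: a read-only middleware for the demo account, written to be registered in the `web` group of app/Http/Kernel.php, because entries in the global `$middleware` list run before `StartSession` and `Auth::id()` is still null there for session logins. The class name `DenyWritesForDemoUser` and the config key `demo.read_only_user_ids` are hypothetical.

```php
<?php

namespace App\Http\Middleware;

use Closure;

// Added example; class name and config key are hypothetical.
class DenyWritesForDemoUser
{
    // Methods that must not change state (the HTTP "safe" methods).
    const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

    public function handle($request, Closure $next)
    {
        // Current user via the default guard; null for guests.
        $user = $request->user();

        // Hypothetical config entry, e.g. config/demo.php:
        //   return ['read_only_user_ids' => [5]];
        $demoIds = array_map('intval', (array) config('demo.read_only_user_ids', []));

        // Strict integer comparison instead of a loose "== 5".
        $isDemo = $user !== null
            && in_array((int) $user->getAuthIdentifier(), $demoIds, true);

        // Allow-list the safe methods instead of deny-listing writes, so
        // POST, PUT, PATCH, DELETE and anything unexpected are all refused.
        if ($isDemo && ! in_array($request->method(), self::SAFE_METHODS, true)) {
            abort(403, 'The demo account is read-only.');
        }

        return $next($request);
    }
}

// Registration in app/Http/Kernel.php, after StartSession in the "web" group:
//
//   protected $middlewareGroups = [
//       'web' => [
//           // ... \Illuminate\Session\Middleware\StartSession::class, ...
//           \App\Http\Middleware\DenyWritesForDemoUser::class,
//       ],
//   ];
```

A method check only protects routes that follow HTTP semantics, so any route that changes state on GET needs its own guard. Routes outside the `web` group, such as the `api` group in the listing above, are not covered unless the class is added there as well.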