how to guard a controller through multiple of user

2020-08-01 06:37发布

问题:

It is project requirement. where i have multiple logins but some user can not access few module. like super admin and analyst can access all module but developer can only use own controller.

so in this case , how can i guard a controller with multiple logins. also note that i have separate login page and table into Database.

for Example phonebookController can be access by super admin and analyst but not by developers. so please tell me how can i implement this?

i use this for ::

if( Auth::guard('superAdmin')->check() )
 {   $author =Auth::guard('superAdmin')->User()->id ;  }
  else  if( Auth::guard('analysts')->check() )
 {   $author =Auth::guard('analysts')->User()->id;   }
 else
 {  $author =Auth::guard('supervisor')->User()->id    }

i want to use this into constructor method of class

回答1:

Here is my implementation for access control for admin and users(agents in my case) I have a boolean field in my user table(is_admin) which is 0 for normal users and 1 for admins. so in my User model I did this

    protected $casts = [
        'is_admin' => 'boolean',
    ];

  public function isAdmin()
    {
            return $this->is_admin;
    }

Create a new middleware for the type of roles u want using

php artisan make:middleware Admin

php artisan make:middleware Agent

The middleware files will be created in App\Http\Middleware\ add this to class inside Admin.php

public function handle($request, Closure $next)
{

    if ( Auth::check() && Auth::user()->isAdmin() )
    {
        return $next($request);
    }

    return redirect('/agent');

}

and this to Agent.php

    public function handle($request, Closure $next)
{

    if ( Auth::check() && !Auth::user()->isAdmin() )
    {
        return $next($request);
    }

    return redirect('/home');

}

After this register your middleware with laravel to do this add this to protected $routeMiddleware in your Kernel.php which is located at app\Http\Kernel.php

'admin' => 'App\Http\Middleware\Admin',
'agent' => 'App\Http\Middleware\Agent',

make sure to create proper routes for redirection as we've mentioned in our middleware files. after this you are almost done. Now to verify if a user is admin or normal user add this to the constructor method of your controller.

Actions allowed only for admin users

    public function __construct()
{   

    $this->middleware('auth');
    $this->middleware('admin');
}

Action allowed only for normal users

public function __construct() {

$this->middleware('auth');
$this->middleware('agent');

}