With respect to permissions, I just want to say it’s complicated, complicated, complicated. But I can handle it after… Let’s take a look at permission management. Look at the picture:
1. So how? First we need to modify the service, specifically the appproviderAuthServiceProvider.php file, to complete the Gate rules.
We’ll use two static methods of Gate here. There’s Gate:: Define (), and Gate:: Denies (). We’ll see. Let’s look at the service file. First, check the boot method
public function boot(a) {
$this->registerPolicies(); / / register
// Call this function to get a list of all menu actions like the one above
$permissions = $this->get_permissions(); I'll write the function down here}public function get_permissions(a) {
return Permission::with('roles')->get(); // Find the associated user group
}
Copy the code
Let’s print out the $Permissions
It doesn’t matter if you’re not clear, keep looking at the code above
public function boot(a) {
$this->registerPolicies(); / / register
// Call this function to get a list of all menu actions like the one above
$permissions = $this->get_permissions(); Let me write the function down here// Define Gate rules
foreach($permissions as $permission) {// Perform a traversal to grant authorization rules
//$user refers to the current user user model instance. Call the has_Permission method
if(Gate::define($permission->name, function($user) use($permission)) {
return $user->has_permission($permission);
// This function is used to determine whether the current user has the permission,
// Whether the user group corresponding to the current user has an intersection with the user group corresponding to the permission.}}})Copy the code
The problem is Gate::define ().
//Gate::define(arg1, arg2) accepts two parameters arg1, arg2.
//arg1 is the name of the permission to determine.
Arg2 is a Boolean, that is, arg2 must return a bool.
// We're getting all Boolean false with Gate::denies(arg1).
Copy the code
Let’s take a look at the has_permission method in the User model and see that it also passes an $permission.
public function has_permission($permissions) {
// Get the user group owned by the current user:
$user_role = $this->roles; // If you have written a many-to-many association belongsToMany
// Get the lookup group of the passed $permission
$query_role = $permission->roles; // Same as above provided you write the correlation method.
// Next, we just need to determine whether the two intersect.
// The current user has the permission as long as one of the user groups is the same as the corresponding user group.
return!!!!! $query_role->intersect($user_role)->count();// Two exclamation marks can directly convert numbers into Boolean values.
}
Copy the code
Ok, so all permissions are judged, and the Gate:: Define method is documented. Our service is provided in config/app.php, so you don’t need to write it in config/app.php. Next, we write middleware. Let’s call it role-php
PHP artisan make: Middleware Role First you need to know that return $next($request) means permission to access the address. Ok, look at the code.
use Route.URL.Auth.Gate// Take what you need firstusethepublic function handle($request.Closure $next) {// return the variable $from the previous pagepreviousUrl = URL: :previous(a);// Easy to remember, right
// If the current user is the super administrator, then all permissions are skipped
if(Auth::user()->roles->contains('name'.'Super Administrator')) {
return $next($request);
}
// Contains is a method of the collection to see if there is any ['name'=>' super administrator '] inside
// If you want to access the background page, you can also ignore the permission
if(Route::currentRouteName() == 'admin.index') {
/ / the Route: : currentRouteName () = "current users access the web address of the router alias
return $next($request);
}
// The Gate permission is invoked
// if the value of the field defined by the rule is false, then the condition is satisfied
if(Gate::denies(Route::currentRouteName)) {
// Check whether it is an Ajax request
if($request->ajax() && ($request->getMethod() ! ='GET')) {
// All methods that meet these two conditions must be accessed in the background
return response()->json([
'status'= >0.'code'= >403.'msg'= >'You do not have permission to perform this operation ~'])}else {
// Jump to page 403 and you should know the use of this variable on the previous page
return response()->view('admin.errors.403', compact('previousUrl')); }}}Copy the code
Oh, my god, finally finished with middleware. Register in kernel.php. Then don’t forget to prefix the routing group with the middleware alias. Something like this…
Response () method, contains() method
On the left side of the menu show hide click to follow the highlighted part is still to be continued…