Laravel 5.2 管理仪表板

Question

需要一些 laravel 大师的帮助。 我想做管理员帐户登录和仪表板。

开箱即用的 laravel 提供表 users 的身份验证。我添加了表格roles 和一列users(role_id)，所以我可以区分用户。 许多小时的搜索并没有帮助，因为在大多数情况下，使用两个表为不同的用户复制本机身份验证是一种愚蠢的方式。

内核.php

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
    ],
    'api' => [
        'throttle:60,1',
    ],
    'admin' => [
        'web',
        'auth',
    ],
];

routes.php

Route::group(['middleware' => 'admin'], function () {
    Route::get('admin', 'LoginController@showLoginForm');
    Route::post('admin', 'LoginController@authenticate');

    Route::get('dashboard', function () {
        return view('admin.dashboard');
    });
});

LoginController.php

public function showLoginForm()
{
    return view('admin.login');
}

public function authenticate(Request $request)
{
    $credential = [
        'email' => $request['email'],
        'password' => $request['password']
    ];

    if (Auth::attempt($credential) && $this->authAdmin($credential['email']))
    {
        //SOMETHING I DONT KNOW YET
        //BUT THEN
        return redirect()->route('dashboard');
    }
}

protected function authAdmin($email = null)
{
    $user = User::where('email', $email)->first();

    if ($user->role_id == '2')
    {
        return true;
    }
    return false;
}

当我去/dashboard 时，我看到了基本的登录表单，当我输入凭据时，我被登录，但会话与简单用户相同。我不确定我的 LoginController 方法。问题是：如何区分会话以创建管理员帐户？关于上述代码的一些建议。

Answer 1

我已经很接近了。所以这是我自己的问题的解决方案。

首先我添加了检查角色到用户模型的方法User.php

就我而言，它看起来像

public function isAdmin() {
    $st = false;
    if ($this->role_id == 2) {
        $st = true;
    }
    return $st;
}

然后我创建了中间件 IsAdmin.php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class IsAdmin
{
    public function handle($request, Closure $next)
    {
        if (Auth::check() && Auth::user()->isAdmin()) { //check the proper role
            return $next($request);
        }
        else {
            return response()
                ->view('admin.forbidden')
                ->header('Content-Type', 'text/html');
        }
    }
}

接下来我编辑了Kernel.php

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'admin' => \App\Http\Middleware\IsAdmin::class, //my middleware
];

routes.php 看起来像

Route::group(['middleware' => 'web'], function () {

    Route::group(['middleware' => 'admin'], function() {
        Route::get('/dashboard', 'LoginController@dashboard');
    });
});

和LoginController.php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

use App\Http\Requests;
use Auth;

class LoginController extends Controller
{
    public function __construct()
    {
        $this->middleware('auth');
    }

    public function dashboard()
    {
        return view('admin.dashboard');
    }
}

您可以通过这种方式简单地限制或允许对任何角色执行操作。我希望这会对某人有所帮助。