Laravel 中间件总是返回 false

【问题标题】:Laravel middlewares always return falseLaravel 中间件总是返回 false
【发布时间】:2018-01-25 16:19:50
【问题描述】:

我创建了 4 个中间件:1 个用于检查用户是否是管理员之一(role_id !='4'),1 个用于超级管理员(role_id==1),1 个用于普通管理员(role_id==2)和 1对于编辑管理员(role_id ==3)

我的用户表有一个role_id 列。

检查用户的中间件是工作的管理员之一。但是其他中间件总是返回 false。

我的路线

Route::group(['middleware'=>'admin'],function(){
    Route::get('/backlogout','backend\BackloginController@getLogout')->name('back-logout');
    Route::get('/dashboard','BackendController@index')->name('backend');
    Route::group(['prefix' => 'categories', 'middleware' => ['superadmin', 'ad','editor']], function () {
        Route::get('/index', ['as' => 'back.categories.index', 'uses' => 'backend\CategoriesController@index']);
        Route::any('/store', ['as' => 'back.categories.store', 'uses' => 'backend\CategoriesController@store']);
        Route::any('/create', ['as' => 'back.categories.create', 'uses' => 'backend\CategoriesController@create']);
        Route::any('/edit/{id}', ['as' => 'back.categories.edit', 'uses' => 'backend\CategoriesController@edit']);
        Route::any('/update/{id}', ['as' => 'back.categories.update', 'uses' => 'backend\CategoriesController@update']);
        Route::any('/destroy/{id}', ['as' => 'back.categories.destroy', 'uses' => 'backend\CategoriesController@destroy']);
    });
    Route::group(['prefix' => 'products','middleware' => ['superadmin','editor']], function () {
        Route::get('/index', ['as' => 'back.products.index', 'uses' => 'backend\ProductsController@index']);
        Route::any('/store', ['as' => 'back.products.store', 'uses' => 'backend\ProductsController@store']);
        Route::any('/create', ['as' => 'back.products.create', 'uses' => 'backend\ProductsController@create']);
        Route::any('/edit/{id}', ['as' => 'back.products.edit', 'uses' => 'backend\ProductsController@edit']);
        Route::any('/update/{id}', ['as' => 'back.products.update', 'uses' => 'backend\ProductsController@update']);
        Route::any('/imgview/{id}', ['as' => 'back.products.imgview', 'uses' => 'backend\ProductsController@imgview']);
        Route::any('/updateimg/{id}', ['as' => 'back.products.updateimg', 'uses' => 'backend\ProductsController@updateImg']);
        Route::any('/destroy/{id}', ['as' => 'back.products.destroy', 'uses' => 'backend\ProductsController@destroy']);
    });
    Route::group(['prefix' => 'users','middleware' => ['superadmin', 'ad']], function () {
        Route::get('/index', ['as' => 'back.users.index', 'uses' => 'backend\UsersController@index']);
        Route::any('/store', ['as' => 'back.users.store', 'uses' => 'backend\UsersController@store']);
        Route::any('/create', ['as' => 'back.users.create', 'uses' => 'backend\UsersController@create']);
        Route::any('/edit/{id}', ['as' => 'back.users.edit', 'uses' => 'backend\UsersController@edit']);
        Route::any('/update/{id}', ['as' => 'back.users.update', 'uses' => 'backend\UsersController@update']);
        Route::any('/destroy/{id}', ['as' => 'back.users.destroy', 'uses' => 'backend\UsersController@destroy']);
    });
});

我的内核.php

protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'admin'=>\App\Http\Middleware\CheckAdmin::class,
        'superadmin'=>\App\Http\Middleware\CheckSuperAdmin::class,
        'ad'=>\App\Http\Middleware\CheckAd::class,
        'editor'=>\App\Http\Middleware\CheckEditor::class,
    ];

我的 checkadmin(检查用户是否是管理员之一)中间件这个工作

class CheckAdmin
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id !='4'){
            return $next($request);
        }
        return redirect()->route('backend-login');
    }
}

我的 checksuperadmin 中间件

class CheckSuperAdmin
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id =='1'){
            return $next($request);
        }
        Session::flash('notsuper','only super admin can access this page');
        return redirect()->route('backend');

    }
}

我的 checkad(检查普通管理员)中间件

class CheckAd
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id =='2'){
            return $next($request);
        }
        Session::flash('notadmin','only admin can access this page');
        return redirect()->route('backend');

    }
}

我的检查编辑器中间件

class CheckEditor
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id =='3'){
            return $next($request);
        }
        Session::flash('noteditor','only editor can access this page');
        return redirect()->route('backend');

    }
}

我不知道为什么,但是所有的 checksuperadmin、checkadm、checkeditor 总是返回 false

【问题讨论】:

  • 你有多个角色ID的同一个用户吗??
  • 不,我不是每个用户只有 1 个 role_id

标签: php laravel-5 middleware


【解决方案1】:

您正在对所有路由组应用多个中间件。在这种情况下,Laravel 仅在用户满足所有条件时才授予您访问权限。尝试做这样的事情:

class CheckEditor {
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id <='3')
            //do something
    }
}
class CheckAd {
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id <='2')
            //do something
    }
}

并且在您的路由组中使用单个中间件: 对于“编辑”和更高的访问级别:

Route::group(['middleware' => 'editor'], function () {
    //place your routes here
});

... 等其他访问级别。仅当您希望仅授予此权限时,才在角色中间件中使用 ==

【讨论】:

    【解决方案2】:

    从第一组中删除中间件。

    Route::group(['prefix' => 'categories', 'middleware' => ['superadmin', 'ad','editor']], function () {
    Route::get('/index', ['as' => 'back.categories.index', 'uses' => 'backend\CategoriesController@index']);
    Route::any('/store', ['as' => 'back.categories.store', 'uses' => 'backend\CategoriesController@store']);
    Route::any('/create', ['as' => 'back.categories.create', 'uses' => 'backend\CategoriesController@create']);
    Route::any('/edit/{id}', ['as' => 'back.categories.edit', 'uses' => 'backend\CategoriesController@edit']);
    Route::any('/update/{id}', ['as' => 'back.categories.update', 'uses' => 'backend\CategoriesController@update']);
    Route::any('/destroy/{id}', ['as' => 'back.categories.destroy', 'uses' => 'backend\CategoriesController@destroy']);
});
Route::group(['prefix' => 'products','middleware' => ['superadmin','editor']], function () {
    Route::get('/index', ['as' => 'back.products.index', 'uses' => 'backend\ProductsController@index']);
    Route::any('/store', ['as' => 'back.products.store', 'uses' => 'backend\ProductsController@store']);
    Route::any('/create', ['as' => 'back.products.create', 'uses' => 'backend\ProductsController@create']);
    Route::any('/edit/{id}', ['as' => 'back.products.edit', 'uses' => 'backend\ProductsController@edit']);
    Route::any('/update/{id}', ['as' => 'back.products.update', 'uses' => 'backend\ProductsController@update']);
    Route::any('/imgview/{id}', ['as' => 'back.products.imgview', 'uses' => 'backend\ProductsController@imgview']);
    Route::any('/updateimg/{id}', ['as' => 'back.products.updateimg', 'uses' => 'backend\ProductsController@updateImg']);
    Route::any('/destroy/{id}', ['as' => 'back.products.destroy', 'uses' => 'backend\ProductsController@destroy']);
});
Route::group(['prefix' => 'users','middleware' => ['superadmin', 'ad']], function () {
    Route::get('/index', ['as' => 'back.users.index', 'uses' => 'backend\UsersController@index']);
    Route::any('/store', ['as' => 'back.users.store', 'uses' => 'backend\UsersController@store']);
    Route::any('/create', ['as' => 'back.users.create', 'uses' => 'backend\UsersController@create']);
    Route::any('/edit/{id}', ['as' => 'back.users.edit', 'uses' => 'backend\UsersController@edit']);
    Route::any('/update/{id}', ['as' => 'back.users.update', 'uses' => 'backend\UsersController@update']);
    Route::any('/destroy/{id}', ['as' => 'back.users.destroy', 'uses' => 'backend\UsersController@destroy']);
});

    【讨论】:

      猜你喜欢
      • 2019-06-28
      • 2018-01-07
      • 2016-07-19
      • 2017-04-01
      • 2014-02-25
      • 1970-01-01
      • 2016-09-12
      • 2017-05-24
      • 2013-06-11
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode