You can use middleware, like this:
Route::group(['middleware' => ['Admin', 'Clients', 'Employee']], function () {
    Route::get('/Admin', '[email protected]');
    Route::get('/Clients', '[email protected]');
    Route::get('/Employee', '[email protected]');
});
For example, I have an admin middleware that checks whether the user ID is 1:
<?php

namespace App\Http\Middleware;

use Closure;
use Auth;
use Log;

class AuthAdmin
{
    private $admins; // Admin ids

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $this->admins = config('custom.admins'); // get configs (not used by the check below)
        $user = Auth::user(); // null when nobody is logged in

        if (!$user || $user->id != 1) {
            // not logged in or not admin, redirect home
            return redirect('/');
        }

        // is admin, let request continue
        return $next($request);
    }
}
Then you have to add it to "$routeMiddleware" in Kernel.php:
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,

    // Custom Middleware
    // Auth Admin
    'auth_admin' => \App\Http\Middleware\AuthAdmin::class,
];
Then in my routes:
Route::group(['middleware' => ['auth_admin']], function () {
    // nobody can come to these routes but admins
    Route::get('/admin/index', '[email protected]');
});
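I think you are trying to use guards to implement policies. Your use case should use a policy.
No, I am not implementing a policy.
Guards are for authentication, while policies are for authorization. In other words, you can use guards to use JWT for the API and normal authentication for the web. However, based on your example with different access rights, this is authorization, which can be done with policies.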
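An added example, not code from the answer or the comments: a variant of the AuthAdmin middleware above that checks the user against the `custom.admins` list the answer loads but never uses, fails closed when the list is missing, and logs denied requests. It assumes `config/custom.php` returns an `admins` array of user ids and that a `login` route exists; the class name `EnsureUserIsAdmin` is hypothetical.

```php
<?php
// Added example: app/Http/Middleware/EnsureUserIsAdmin.php (hypothetical class name)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;

class EnsureUserIsAdmin
{
    /**
     * Allow the request only for users whose id is listed in config('custom.admins').
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Assumption: config/custom.php returns ['admins' => [1, 7]] (constructed ids).
        // A missing or empty list means nobody is an admin (fail closed).
        $admins = array_map('intval', (array) config('custom.admins', []));

        $user = Auth::user();

        // Unauthenticated request: Auth::user() is null, so send it to the login page.
        if ($user === null) {
            return redirect()->guest('login');
        }

        // Compare as integers with a strict in_array.
        if (!in_array((int) $user->id, $admins, true)) {
            // Record the denial so repeated probing of admin routes is visible in the logs.
            Log::warning('Admin route denied', [
                'user_id' => $user->id,
                'path'    => $request->path(),
                'ip'      => $request->ip(),
            ]);
            abort(403);
        }

        // Listed admin: let the request continue.
        return $next($request);
    }
}
```

Register it in `$routeMiddleware` under a key such as `auth_admin`, the same way the answer registers `AuthAdmin`.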