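Laravel's default auth user authentication lets you restrict access to controller actions, which is very useful in real projects.
We can use the auth and guest options provided by the Auth middleware to implement this.
For example, suppose the project has a SessionsController that handles user session management, as follows: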
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class SessionsController extends Controller
{
    /**
     * SessionsController constructor.
     */
    public function __construct()
    {
        // Only unauthenticated users may see the login form.
        $this->middleware('guest', [
            'only' => ['create']
        ]);
    }

    public function create()
    {
        return view('sessions.create');
    }

    public function store(Request $request)
    {
        $credentials = $this->validate($request, [
            'email' => 'required|email|max:255',
            'password' => 'required'
        ]);

        if (Auth::guard()->attempt($credentials, $request->has('remember'))) {
            // Actions after a successful login
            session()->flash('success', '欢迎回来!');
            // intended() expects a fallback URL, so build it with route()
            return redirect()->intended(route('users.show', [Auth::user()]));
        } else {
            // Actions after a failed login
            session()->flash('danger', '很抱歉,您的邮箱和密码不匹配');
            return redirect()->back();
        }
    }

    public function destroy()
    {
        Auth::logout();
        session()->flash('success', '退出成功!');
        return redirect('login');
    }
}
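The guest option in the constructor here is provided by the Auth middleware; it designates actions that only unauthenticated users are allowed to access.
Another example is UsersController, which implements user management: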
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class UsersController extends Controller
{
    /**
     * UsersController constructor.
     */
    public function __construct()
    {
        // Every action except the ones listed requires a logged-in user.
        $this->middleware('auth', [
            'except' => [
                'show',
                'create',
                'store'
            ]
        ]);
    }

    public function create()
    {
        return view('users.create');
    }

    public function show(User $user)
    {
        return view('users.show', compact('user'));
    }

    public function store(Request $request)
    {
        $this->validate($request, [
            'name' => 'required|max:50',
            'email' => 'required|email|unique:users|max:255',
            'password' => 'required|confirmed|min:6'
        ]);

        $user = User::create([
            'name' => $request->input("name"),
            'email' => $request->email,
            'password' => bcrypt($request->input('password'))
        ]);

        Auth::login($user);
        session()->flash('success', '欢迎,您将在这里开启一段新的旅程~');
        return redirect()->route('users.show', [$user]);
        // Equivalent to
        // return redirect()->route('users.show', [$user->id]);
    }

    public function edit(User $user)
    {
        $this->authorize('update', $user);
        return view('users.edit', compact('user'));
    }

    public function update(User $user, Request $request)
    {
        $this->validate($request, [
            'name' => 'required|max:50',
            'password' => 'nullable|confirmed|min:6'
        ]);

        $this->authorize('update', $user);

        $data = [];
        $data['name'] = $request->name;
        if ($request->input('password')) {
            // Hash the new password, as store() does; never save it in plain text
            $data['password'] = bcrypt($request->password);
        }
        $user->update($data);

        session()->flash('success', '个人资料更新成功!');
        return redirect()->route('users.show', $user);
    }
}
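The constructor in UsersController uses the auth option to filter the controller's actions: every action not listed under except can only be accessed by logged-in users.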
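The following feature test is an added example, not code from the original post. It checks that the guest and auth middleware configured in the two constructors above actually gate the actions as described. It assumes the users routes follow Route::resource naming (users.create, users.show, users.edit, users.update), that SessionsController@create is registered as the named route login, and that the User model has a factory; the class name AccessControlTest is hypothetical.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

// Added example. Assumed: resource-style route names and a 'login' named route.
class AccessControlTest extends TestCase
{
    use RefreshDatabase;

    public function test_guest_is_redirected_from_protected_actions(): void
    {
        $user = User::factory()->create(['name' => 'Original']);

        // edit and update are not in the 'except' list, so 'auth' applies.
        $this->get(route('users.edit', $user))->assertRedirect(route('login'));
        $this->patch(route('users.update', $user), ['name' => 'Changed'])
            ->assertRedirect(route('login'));

        // The rejected request must not have modified the record.
        $this->assertSame('Original', $user->fresh()->name);
    }

    public function test_guest_can_reach_excepted_actions(): void
    {
        $user = User::factory()->create();

        $this->get(route('users.create'))->assertOk();
        $this->get(route('users.show', $user))->assertOk();
    }

    public function test_guest_can_see_login_form(): void
    {
        $this->get(route('login'))->assertOk();
    }

    public function test_logged_in_user_is_kept_away_from_login_form(): void
    {
        $user = User::factory()->create();

        // 'guest' with only => ['create'] redirects authenticated users.
        $this->actingAs($user)->get(route('login'))->assertRedirect();
    }
}
```

A test like this catches the common regression where a new action is added to a controller and accidentally ends up in the except list, or the middleware call is removed from the constructor.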