2017-10-16 207 views
0

How to check with Entrust whether a user has permission for a route. Laravel ACL with Entrust: how to protect routes and controller methods

In my permissions table I have a route field and an action.

For example:

can_update_profile, can_delete_profile, can_see_profile

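Then I added privileges to every role name, and then I tried to implement a middleware that checks the route to see whether the user has the ability to access the controller method, but it failed.

Entrust's can() interprets every request as free to access.

Here is my middleware: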

<?php

namespace App\Http\Middleware;

use Closure;
use App\Permission;
use Illuminate\Contracts\Auth\Guard;
use Route;

class AuthorizeRoute
{

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        $user = $this->auth->user();
        $permissions = Permission::all();

        //dd($user);
        $uri = $request->route()->uri();


        foreach ($permissions as $permission) {

            if (!$user->can($permission->name) && $permission->route === $uri) {
                //var_dump($user->can($permission->name));
                abort(403);
            }
        }

        return $next($request);
    }
}

Answers

0

I can't test this, but my guess is that you should write handle() like this:

public function handle($request, Closure $next)
{
    $user = $this->auth->user();
    $permissions = Permission::all();

    $uri = $request->route()->uri();

    foreach ($permissions as $permission) {
        // reordered expression order to skip calling $user->can()
        // for routes that don't match
        if ($permission->route === $uri && $user->can($permission->name)) {
            // allow access only if it's a match
            return $next($request);
        }
    }

    // nothing matched, abort
    abort(403);
}
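
The difference between the two handle() versions above, as an added example that is not part of the original question or answer. It is plain PHP without Laravel or Entrust; the permission rows, the can_audit_profile name, the user's abilities, the URIs and both function names are constructed for illustration, and in_array() stands in for $user->can().

```php
<?php
// Added example, plain PHP (no Laravel). Rows, abilities and URIs are constructed.
$permissions = [
    ['name' => 'can_see_profile',    'route' => 'profile/{id}'],
    ['name' => 'can_audit_profile',  'route' => 'profile/{id}'],         // hypothetical second row, same route
    ['name' => 'can_update_profile', 'route' => 'profile/{id}/edit'],
    ['name' => 'can_delete_profile', 'route' => '/profile/{id}/delete'], // stored with a leading slash
];

// Question's logic: deny only when a row matches the URI and the user lacks it.
function decideDenyOnMatch(array $permissions, array $abilities, string $uri): bool
{
    foreach ($permissions as $p) {
        if (!in_array($p['name'], $abilities, true) && $p['route'] === $uri) {
            return false; // corresponds to abort(403)
        }
    }
    return true; // corresponds to $next($request): no matching row means access
}

// Answer's logic: allow only when a row matches the URI and the user holds it.
function decideAllowOnMatch(array $permissions, array $abilities, string $uri): bool
{
    foreach ($permissions as $p) {
        if ($p['route'] === $uri && in_array($p['name'], $abilities, true)) {
            return true; // corresponds to $next($request)
        }
    }
    return false; // corresponds to abort(403): no matching row means no access
}

$abilities = ['can_see_profile']; // constructed user holding a single permission
$uris = ['profile/{id}', 'profile/{id}/edit', 'profile/{id}/delete', 'settings'];

printf("%-22s %-14s %s\n", 'uri', 'deny-on-match', 'allow-on-match');
foreach ($uris as $uri) {
    printf(
        "%-22s %-14s %s\n",
        $uri,
        decideDenyOnMatch($permissions, $abilities, $uri) ? 'allow' : '403',
        decideAllowOnMatch($permissions, $abilities, $uri) ? 'allow' : '403'
    );
}
```

With these rows, the question's logic lets through both the URI that has no row and the one whose stored route differs by a leading slash, while the answer's logic returns 403 for both. Where two rows share a route, the question's logic requires every listed permission and the answer's accepts any one of them.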