$ php artisan make:model Role -m
migration file: user
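Schema::create('users', function (Blueprint $table) {
    $table->increments('id');
    // roles.id is created with increments(), which is an unsigned integer, so
    // the referencing column is unsigned as well. It is nullable because the
    // role is assigned by a later UPDATE: a user row can exist with no role,
    // and "no role" is the least-privileged state.
    // NOTE(review): there is no foreign key to roles.id. Adding one requires
    // the roles table to exist first; migration order is not shown here, so
    // confirm it before adding the constraint.
    $table->unsignedInteger('role_id')->nullable();
    $table->string('name');
    $table->string('email')->unique();
    $table->string('password');
    $table->rememberToken();
    $table->timestamps();
});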
migration file: role
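Schema::create('roles', function (Blueprint $table) {
    $table->increments('id');
    // User::isAdmin() decides access by comparing this name, so the name is
    // the authorization key. A unique index keeps two rows from sharing it.
    $table->string('name')->unique();
    $table->timestamps();
});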
$ php artisan migrate:refresh
Model: Role.php
/**
 * Attributes of a role that may be set through mass assignment.
 *
 * @var array
 */
protected $fillable = ['name'];
Model: User.php
/**
 * The role this user belongs to, resolved through the role_id column.
 *
 * NOTE(review): User::$fillable is not shown here. Keep role_id out of it so
 * that request input cannot mass-assign a role.
 */
public function role()
{
    $relation = $this->belongsTo('App\Role');

    return $relation;
}
$ php artisan make:middleware IsAdmin
Kernel.php
/**
 * Route middleware aliases. The key is the name used in routes and in
 * $this->middleware(...) calls; the value is the class that runs.
 *
 * NOTE(review): 'role' points at RoleMiddleware, which is not shown here -
 * confirm that class exists before relying on the alias.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'role' => \App\Http\Middleware\RoleMiddleware::class,
    // Alias used by AdminController and by the route-level example.
    'IsAdmin' => \App\Http\Middleware\IsAdmin::class,
];
insert into roles (name) values ('administrator');
insert into roles (name) values ('subscriber');
update users set role_id=1 where id=1;
User.php
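/**
 * Report whether this user holds the 'administrator' role.
 *
 * @return bool true only when a role is attached and its name is exactly
 *              'administrator'
 */
public function isAdmin()
{
    $role = $this->role;

    // A user whose role_id matches no row in roles has no role object.
    // Treat that as "not an administrator" rather than reading ->name on null.
    if ($role === null) {
        return false;
    }

    // Strict comparison: an authorization decision should not depend on
    // PHP's loose type juggling.
    return $role->name === 'administrator';
}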
Route
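Route::get('/', function () {
    // Auth::user() returns null when nobody is logged in. Check for that
    // before calling a method on it, otherwise a guest request ends in an error.
    $user = Auth::user();

    if ($user !== null && $user->isAdmin()) {
        echo "this user is adminstrator";
    }

    // return view('welcome');
});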
権限の判定がうまく動いていることを確認します。
Middleware:IsAdmin.php
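use Illuminate\Support\Facades\Auth;

/**
 * First draft of the middleware: administrators are redirected to /admin,
 * every other request continues unchanged.
 *
 * This draft does not restrict anything. Guests and non-administrators pass
 * straight through, so it must not be used as an access check.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $user = Auth::user();

    // Auth::user() is null for a guest; only call isAdmin() on a real user.
    if ($user !== null && $user->isAdmin()) {
        return redirect()->intended('/admin');
    }

    return $next($request);
}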
Route
// Admin landing page. The route itself carries no middleware; the access
// check is attached in AdminController's constructor.
Route::get(
    '/admin',
    'AdminController@index'
);
$ php artisan make:controller AdminController
Controller:AdminController.php
class AdminController extends Controller
{
    /**
     * Attach the IsAdmin middleware to every action of this controller, so
     * the access check runs before any of them.
     */
    public function __construct()
    {
        $this->middleware('IsAdmin');
    }

    /**
     * Admin landing page, reached only after IsAdmin lets the request through.
     *
     * @return string
     */
    public function index()
    {
        $message = "you are an administrator because you are seeing this page";

        return $message;
    }
}
Middleware:IsAdmin.php
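use Illuminate\Support\Facades\Auth;

/**
 * Let the request continue only for a logged-in administrator; send everyone
 * else back to '/'.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $user = Auth::user();

    // Deny by default. Auth::user() is null for a guest, and calling
    // isAdmin() on null would end in an error instead of a clean refusal.
    if ($user === null || !$user->isAdmin()) {
        // NOTE(review): intended() prefers a URL stored in the session over
        // the '/' fallback; a plain redirect('/') is more predictable on a
        // deny path - confirm which is wanted.
        return redirect()->intended('/');
    }

    return $next($request);
}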
ロールを変更して、リダイレクトされるか確認します。
update users set role_id=2 where id=1;
ロールによって、表示を切り分けたいページのControllerでは、上記のように、AdminControllerで$this->middleware('IsAdmin');の判定を行うか、もしくは、以下のようにルーティングでミドルウェアの判定を行います。
// Route-level alternative to the controller constructor: the IsAdmin alias
// is attached to this one route, so the closure runs only after it passes.
Route::get('/admin/user/roles', [
    'middleware' => ['IsAdmin'],
    function () {
        return "Middleware role";
    },
]);
出し分ける場合、Controllerで毎回if文を書くのではなく、middlewareに関数を書いて、それを読み込むのですね。
ロールを別テーブルでbelongsToとしていますが、ロールがUserテーブルの場合でも、ロジックは同じだと思います。