How to implement permission based navigation menu in Laravel-Laravel-php.cn

Home

PHP Framework

Laravel

How to implement permission based navigation menu in Laravel

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Nov 02, 2023 pm 06:52 PM

laravelPermissionsNavigation menu

How to implement permission based navigation menu in Laravel

As websites and applications become more and more complex, permission management becomes critical. When a user logs in through authentication, we want them to be able to access pages and features to which they have permission, but not to pages and features to which they do not have permission. This article will explain how to implement a permission-based navigation menu in Laravel so that we can easily control what the user can see.

Step 1: Install Laravel and configure the database

If you are already familiar with Laravel, you can skip this step. Otherwise follow these steps to install Laravel:

Install Composer: If you haven’t installed Composer yet, please follow the official guide to install it first.
Install Laravel: Open the terminal and use Composer to install Laravel.
```
composer global require laravel/installer
```

Configure the database: Set the database connection parameters in the .env file.

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=your_database_name
DB_USERNAME=your_username
DB_PASSWORD=your_password

Run migrations: Run database migrations to create the required tables.
```
php artisan migrate
```

Step 2: Set up routes and controllers

In this example, we will create a controller named DashboardController and define three routes for it :/dashboard, /users, /roles. Necessary permission checks can be added in the controller's constructor.

<?php

namespace AppHttpControllers;

use IlluminateHttpRequest;

class DashboardController extends Controller
{
    public function __construct()
    {
        $this->middleware(['auth', 'permissions']); // 添加授权中间件
    }

    public function index()
    {
        return view('dashboard');
    }

    public function users()
    {
        return view('users');
    }

    public function roles()
    {
        return view('roles');
    }
}

Step 3: Set permission rules

Next, we need to define permission rules. We create a file called permissions.php in which we define all the required permissions. You can modify or add more permission rules according to your business needs.

return [
    'admin' => [
        'dashboard' => true,
        'users' => true,
        'roles' => true,
    ],
    'editor' => [
        'dashboard' => true,
        'users' => false,
        'roles' => false,
    ],
    'user' => [
        'dashboard' => true,
        'users' => false,
        'roles' => false,
    ],
];

Step 4: Create middleware and register

We need to create a middleware to check the user's permissions. Create a middleware named CheckPermissions in the /app/Http/Middleware directory.

<?php

namespace AppHttpMiddleware;

use Closure;
use IlluminateSupportFacadesAuth;

class CheckPermissions
{
    public function handle($request, Closure $next)
    {
        $user = Auth::user();
        $routeName = $request->route()->getName();

        if (!$user->hasPermission($routeName)) {
            abort(403);
        }

        return $next($request);
    }
}

As you can see, the middleware gets the route name from the request and uses the Auth::user() method to check whether the user has permission to access the route. If there is no permission, a 403 Forbidden status will be returned.

Then we need to register the middleware into the application. Open the /app/Http/Kernel.php file and find the $middlewareGroups array. Add a middleware called permissions in the web array.

protected $middlewareGroups = [
    'web' => [
        // ...
        AppHttpMiddlewareCheckPermissions::class,
    ],
    // ...
];

When creating the navigation menu in the view file, we need to check whether the user has permission to access each link. Use the Auth::user() method to check whether the current user has specific permissions for a feature.

<nav>
    <ul>
        <li><a href="{{ route('dashboard') }}" @if (!Auth::user()->hasPermission('dashboard'))disabled@endif>Dashboard</a></li>
        <li><a href="{{ route('users') }}" @if (!Auth::user()->hasPermission('users'))disabled@endif>Users</a></li>
        <li><a href="{{ route('roles') }}" @if (!Auth::user()->hasPermission('roles'))disabled@endif>Roles</a></li>
    </ul>
</nav>

Step 6: Check permissions

In the user model, we define a method called hasPermission(). This method accepts a route name and then checks whether the user has access to that route.

public function hasPermission($routeName)
{
    $role = $this->role;
    $permissions = config('permissions.' . $role);

    return isset($permissions[$routeName]) && $permissions[$routeName];
}

We use the config() function to read the permission rules and check whether the user has access permission to the route. We also use the role attribute in the user model to get the role of that user.

Now we have successfully created a permission-based navigation menu that automatically disables links when the user accesses a prohibited page. Hope this article can help you master how to use Laravel to implement permission-based navigation menu.

The above is the detailed content of How to implement permission based navigation menu in Laravel. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Last Laravel version: Migration TutorialMay 14, 2025 am 12:17 AM

What new features and best practices does Laravel's migration system offer in the latest version? 1. Added nullableMorphs() for polymorphic relationships. 2. The after() method is introduced to specify the column order. 3. Emphasize handling of foreign key constraints to avoid orphaned records. 4. It is recommended to optimize performance, such as adding indexes appropriately. 5. Advocate the idempotence of migration and the use of descriptive names.

What is the Latest LTS Version of Laravel?May 14, 2025 am 12:14 AM

Laravel10,releasedinFebruary2023,isthelatestLTSversion,supportedforthreeyears.ItrequiresPHP8.1 ,enhancesLaravelPennantforfeatureflags,improveserrorhandling,refinesdocumentation,andoptimizesperformance,particularlyinEloquentORM.

Stay Updated: The Newest Features in the Latest Laravel VersionMay 14, 2025 am 12:10 AM

Laravel's latest version introduces multiple new features: 1. LaravelPennant is used to manage function flags, allowing new features to be released in stages; 2. LaravelReverb simplifies the implementation of real-time functions, such as real-time comments; 3. LaravelVite accelerates the front-end construction process; 4. The new model factory system enhances the creation of test data; 5. Improves the error handling mechanism and provides more flexible error page customization options.

Implementing Soft Delete in Laravel: A Step-by-Step TutorialMay 14, 2025 am 12:02 AM

Softleteinelelavelisling -Memptry-braceChortsDevetus -TeedeecetovedinglyDeveledTeecetteecedelave

Current Laravel Version: Check the Latest Release and UpdatesMay 14, 2025 am 12:01 AM

Laravel10.xisthecurrentversion,offeringnewfeatureslikeenumsupportinEloquentmodelsandimprovedroutemodelbindingwithenums.Theseupdatesenhancecodereadabilityandsecurity,butrequirecarefulplanningandincrementalimplementationforasuccessfulupgrade.

How to Use Laravel Migrations: A Step-by-Step TutorialMay 13, 2025 am 12:15 AM

LaravelmigrationsstreamlinedatabasemanagementbyallowingschemachangestobedefinedinPHPcode,whichcanbeversion-controlledandshared.Here'showtousethem:1)Createmigrationclassestodefineoperationslikecreatingormodifyingtables.2)Usethe'phpartisanmigrate'comma

Finding the Latest Laravel Version: A Quick and Easy GuideMay 13, 2025 am 12:13 AM

To find the latest version of Laravel, you can visit the official website laravel.com and click the "Docs" button in the upper right corner, or use the Composer command "composershowlaravel/framework|grepversions". Staying updated can help improve project security and performance, but the impact on existing projects needs to be considered.

Staying Updated with Laravel: Benefits of Using the Latest VersionMay 13, 2025 am 12:08 AM

YoushouldupdatetothelatestLaravelversionforperformanceimprovements,enhancedsecurity,newfeatures,bettercommunitysupport,andlong-termmaintenance.1)Performance:Laravel9'sEloquentORMoptimizationsenhanceapplicationspeed.2)Security:Laravel8introducedbetter

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055612 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Nordhold: Fusion System, Explained

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.