Home >PHP Framework >Laravel >How to implement permission based navigation menu in Laravel
As websites and applications become more and more complex, permission management becomes critical. When a user logs in through authentication, we want them to be able to access pages and features to which they have permission, but not to pages and features to which they do not have permission. This article will explain how to implement a permission-based navigation menu in Laravel so that we can easily control what the user can see.
If you are already familiar with Laravel, you can skip this step. Otherwise follow these steps to install Laravel:
Install Laravel: Open the terminal and use Composer to install Laravel.
composer global require laravel/installer
Configure the database: Set the database connection parameters in the .env file.
DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=your_database_name DB_USERNAME=your_username DB_PASSWORD=your_password
Run migrations: Run database migrations to create the required tables.
php artisan migrate
In this example, we will create a controller named DashboardController and define three routes for it :/dashboard, /users, /roles. Necessary permission checks can be added in the controller's constructor.
<?php namespace AppHttpControllers; use IlluminateHttpRequest; class DashboardController extends Controller { public function __construct() { $this->middleware(['auth', 'permissions']); // 添加授权中间件 } public function index() { return view('dashboard'); } public function users() { return view('users'); } public function roles() { return view('roles'); } }
Next, we need to define permission rules. We create a file called permissions.php in which we define all the required permissions. You can modify or add more permission rules according to your business needs.
return [ 'admin' => [ 'dashboard' => true, 'users' => true, 'roles' => true, ], 'editor' => [ 'dashboard' => true, 'users' => false, 'roles' => false, ], 'user' => [ 'dashboard' => true, 'users' => false, 'roles' => false, ], ];
We need to create a middleware to check the user's permissions. Create a middleware named CheckPermissions in the /app/Http/Middleware directory.
<?php namespace AppHttpMiddleware; use Closure; use IlluminateSupportFacadesAuth; class CheckPermissions { public function handle($request, Closure $next) { $user = Auth::user(); $routeName = $request->route()->getName(); if (!$user->hasPermission($routeName)) { abort(403); } return $next($request); } }
As you can see, the middleware gets the route name from the request and uses the Auth::user() method to check whether the user has permission to access the route. If there is no permission, a 403 Forbidden status will be returned.
Then we need to register the middleware into the application. Open the /app/Http/Kernel.php file and find the $middlewareGroups array. Add a middleware called permissions in the web array.
protected $middlewareGroups = [ 'web' => [ // ... AppHttpMiddlewareCheckPermissions::class, ], // ... ];
When creating the navigation menu in the view file, we need to check whether the user has permission to access each link. Use the Auth::user() method to check whether the current user has specific permissions for a feature.
<nav> <ul> <li><a href="{{ route('dashboard') }}" @if (!Auth::user()->hasPermission('dashboard'))disabled@endif>Dashboard</a></li> <li><a href="{{ route('users') }}" @if (!Auth::user()->hasPermission('users'))disabled@endif>Users</a></li> <li><a href="{{ route('roles') }}" @if (!Auth::user()->hasPermission('roles'))disabled@endif>Roles</a></li> </ul> </nav>
In the user model, we define a method called hasPermission(). This method accepts a route name and then checks whether the user has access to that route.
public function hasPermission($routeName) { $role = $this->role; $permissions = config('permissions.' . $role); return isset($permissions[$routeName]) && $permissions[$routeName]; }
We use the config() function to read the permission rules and check whether the user has access permission to the route. We also use the role attribute in the user model to get the role of that user.
Now we have successfully created a permission-based navigation menu that automatically disables links when the user accesses a prohibited page. Hope this article can help you master how to use Laravel to implement permission-based navigation menu.
The above is the detailed content of How to implement permission based navigation menu in Laravel. For more information, please follow other related articles on the PHP Chinese website!