注:上一节课忘记跟大家说了,改了模板,要记得重新生成一下缓存,执行如下指令:
php artisan view:clear
上一节课特意留下了一个 bug,哈哈,虽然操作的按钮入口我们屏蔽了,但是,但是,但是,我们却还是可以通过某些方法来执行 ajax 发送请求到后台,所以,在这里我们也需要在后台添加一下权限验证的判断,写法和前端的逻辑差不多。
添加验证方法,如下
<?php
namespace App\Http\Controllers;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Routing\Controller as BaseController;
use App\Models\Menu;
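class Controller extends BaseController
{
    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;

    /**
     * Server-side permission check shared by every admin controller.
     *
     * Builds a Menu for the given category/action pair and asks the policy
     * bound to Menu whether the admin authenticated on the 'admin' guard may
     * "update" it. The front end hides buttons, but a request can be sent
     * without the button, so this is the check that actually matters.
     *
     * @param string     $cat menu category key as used by the callers, e.g. '1_11'
     * @param int|string $act action flag handed to the Menu model (1 add, 2 update, 4 delete on this page)
     * @return bool true only when an admin is logged in AND the policy allows the action
     */
    public function checkRight($cat, $act)
    {
        $admin = auth('admin')->user();

        // No authenticated admin: deny. The original called ->can() on null,
        // which throws instead of denying, i.e. a crash rather than a refusal.
        if ($admin === null) {
            return false;
        }

        $menu = new Menu($cat, $act);

        return (bool) $admin->can('update', $menu);
    }
}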
更改AdminController.php如下:
<?php
namespace App\Http\Controllers\admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Http\Requests\AdminCreateRequest;
use Illuminate\Support\Facades\Hash;
use App\Models\Admin;
use App\Models\Role;
use App\Models\AdminRole;
use Illuminate\Support\Facades\DB;
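class AdminController extends Controller
{
    /**
     * Display a paginated list of admins plus every role (for the role picker).
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        // Only id/username are selected, so the password hash never reaches the view.
        $admins = Admin::paginate(2, ['id', 'username']);
        $roles = Role::all();

        return view('admin.admin', ['admins' => $admins, 'roles' => $roles]);
    }

    /**
     * Show the form for creating a new resource (unused: the form lives in the index view).
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        //
    }

    /**
     * Create an admin and bind it to one role, inside a single transaction.
     *
     * Requires permission ('1_11', 1). Responds with JSON:
     * code '200' on success, '1000' when denied or when either insert fails.
     *
     * @param \App\Http\Requests\AdminCreateRequest $request validated username / password / role
     * @return \Illuminate\Http\JsonResponse
     */
    public function store(AdminCreateRequest $request)
    {
        // Server-side check: the hidden button on the front end is not a control.
        if (!$this->checkRight('1_11', 1)) {
            return $this->denied();
        }

        DB::beginTransaction();
        try {
            $admin = new Admin();
            $admin->username = $request->input('username');
            $admin->password = Hash::make($request->input('password'));
            $adminSaved = $admin->save();

            $adminRole = new AdminRole();
            $adminRole->admin_id = $admin->id;
            $adminRole->role_id = $request->input('role');
            $bindingSaved = $adminRole->save();

            if ($adminSaved && $bindingSaved) {
                DB::commit();

                return response()->json(['code' => '200', 'msg' => '添加成功']);
            }

            // The original returned here without rolling back, leaving the
            // transaction (and a possibly half-written admin row) open.
            DB::rollback();
        } catch (\Throwable $e) {
            // \Throwable also covers \Error (e.g. a call on null), which
            // catch (\Exception) would let through with the transaction still open.
            DB::rollback();
            report($e);
        }

        return response()->json(['code' => '1000', 'msg' => '添加失败']);
    }

    /**
     * Display the specified resource (unused; see detail()).
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        //
    }

    /**
     * Show the form for editing the specified resource (unused).
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function edit($id)
    {
        //
    }

    /**
     * Replace an admin's username, password and role binding in one transaction.
     *
     * Requires permission ('1_11', 2). The password is re-hashed from the request
     * on every call; there is no "keep the current password" path.
     *
     * @param \App\Http\Requests\AdminCreateRequest $request
     * @param int $id admin id from the route
     * @return \Illuminate\Http\JsonResponse
     */
    public function update(AdminCreateRequest $request, $id)
    {
        if (!$this->checkRight('1_11', 2)) {
            return $this->denied();
        }

        $username = $request->input('username');
        $password = Hash::make($request->input('password'));
        $roleId = $request->input('role');

        DB::beginTransaction();
        try {
            $adminRows = Admin::where('id', $id)
                ->update(['username' => $username, 'password' => $password]);
            $bindingRows = AdminRole::where('admin_id', $id)
                ->update(['role_id' => $roleId]);

            // NOTE(review): both values are affected-row counts. Depending on the
            // driver, re-submitting the same role_id may report 0 rows and be
            // treated as a failure here — confirm before relying on this check.
            if ($adminRows && $bindingRows) {
                DB::commit();

                return response()->json(['code' => '200', 'msg' => '更改成功']);
            }

            DB::rollback();
        } catch (\Throwable $e) {
            DB::rollback();
            report($e);
        }

        return response()->json(['code' => '1000', 'msg' => '更改失败']);
    }

    /**
     * Delete an admin together with its role binding.
     *
     * Requires permission ('1_11', 4).
     *
     * @param int $id admin id from the route
     * @return \Illuminate\Http\JsonResponse
     */
    public function destroy($id)
    {
        if (!$this->checkRight('1_11', 4)) {
            return $this->denied();
        }

        DB::beginTransaction();
        try {
            // Drop the binding first: RoleController::destroy refuses to delete a
            // role that still has an AdminRole row, so an orphaned row left here
            // (the original deleted only the admin) would block that role forever.
            AdminRole::where('admin_id', $id)->delete();
            $deleted = Admin::destroy($id);

            if ($deleted) {
                DB::commit();

                return response()->json(['code' => '200', 'msg' => '删除成功']);
            }

            DB::rollback();
        } catch (\Throwable $e) {
            DB::rollback();
            report($e);
        }

        return response()->json(['code' => '1000', 'msg' => '删除失败']);
    }

    /**
     * Return one admin (id, username) with its role binding as JSON.
     *
     * NOTE(review): unlike store/update/destroy this action calls no
     * checkRight(), so any caller that reaches the route can read any admin's
     * role assignment by id. Add a check here if that is not intended.
     *
     * @param int $id admin id from the route
     * @return \Illuminate\Http\JsonResponse
     */
    public function detail($id)
    {
        $admin = Admin::where('id', $id)
            ->with('role:admin_id,role_id')
            ->first(['id', 'username']);

        if (!$admin) {
            return response()->json(['code' => '1000', 'msg' => '获取信息失败']);
        }

        return response()->json(['code' => '200', 'info' => $admin]);
    }

    /**
     * Standard JSON body returned when checkRight() denies the action.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    private function denied()
    {
        return response()->json(['code' => '1000', 'msg' => '您没有操作权限']);
    }
}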
更改RoleController.php如下:
<?php
namespace App\Http\Controllers\admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Models\Role;
use App\Models\Right;
use App\Models\AdminRole;
use App\Http\Requests\RoleAddRequest;
use Illuminate\Support\Facades\DB;
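class RoleController extends Controller
{
    /**
     * Display a paginated list of roles.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $roles = Role::paginate(2, ['id', 'role_name']);

        return view('admin.role', ['roles' => $roles]);
    }

    /**
     * Show the form for creating a new resource (unused: the form lives in the index view).
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        //
    }

    /**
     * Create a role and its Right row (the permission content) in one transaction.
     *
     * Requires permission ('1_12', 1). Responds with JSON:
     * code '200' on success, '1000' when denied or when either insert fails.
     *
     * @param \App\Http\Requests\RoleAddRequest $request validated rolename / content
     * @return \Illuminate\Http\JsonResponse
     */
    public function store(RoleAddRequest $request)
    {
        // Server-side check: hiding the button on the front end is not a control.
        if (!$this->checkRight('1_12', 1)) {
            return $this->denied();
        }

        DB::beginTransaction();
        try {
            $role = new Role();
            $role->role_name = $request->input('rolename');
            $roleSaved = $role->save();

            $right = new Right();
            $right->role_id = $role->id;
            $right->content = $request->input('content');
            $rightSaved = $right->save();

            if ($roleSaved && $rightSaved) {
                DB::commit();

                return response()->json(['code' => '200', 'msg' => '添加成功']);
            }

            DB::rollback();
        } catch (\Throwable $e) {
            // \Throwable also covers \Error (e.g. a call on null), which
            // catch (\Exception) would let through with the transaction still open.
            DB::rollback();
            report($e);
        }

        return response()->json(['code' => '1000', 'msg' => '添加失败']);
    }

    /**
     * Display the specified resource (unused; see detail()).
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        //
    }

    /**
     * Show the form for editing the specified resource (unused).
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function edit($id)
    {
        //
    }

    /**
     * Rename a role and replace its Right content in one transaction.
     *
     * Requires permission ('1_12', 2). Unknown ids are reported as a failure
     * instead of crashing.
     *
     * @param \App\Http\Requests\RoleAddRequest $request
     * @param int $id role id from the route
     * @return \Illuminate\Http\JsonResponse
     */
    public function update(RoleAddRequest $request, $id)
    {
        if (!$this->checkRight('1_12', 2)) {
            return $this->denied();
        }

        DB::beginTransaction();
        try {
            $role = Role::find($id);
            $right = Right::where('role_id', $id)->first();

            // Unknown id: the original called ->save() on null, which raises
            // \Error (not \Exception), bypassed the catch and left the
            // transaction open.
            if ($role === null || $right === null) {
                DB::rollback();

                return response()->json(['code' => '1000', 'msg' => '更改失败']);
            }

            $role->role_name = $request->input('rolename');
            $roleSaved = $role->save();

            $right->content = $request->input('content');
            $rightSaved = $right->save();

            if ($roleSaved && $rightSaved) {
                DB::commit();

                // The original replied '添加成功' (copy-pasted from store); this is an update.
                return response()->json(['code' => '200', 'msg' => '更改成功']);
            }

            DB::rollback();
        } catch (\Throwable $e) {
            DB::rollback();
            report($e);
        }

        return response()->json(['code' => '1000', 'msg' => '更改失败']);
    }

    /**
     * Delete a role and its Right row, refusing while any admin still uses it.
     *
     * Requires permission ('1_12', 4). The Right row references the role by
     * foreign key, so it is deleted first, then the role, in one transaction.
     *
     * @param int $id role id from the route
     * @return \Illuminate\Http\JsonResponse
     */
    public function destroy($id)
    {
        if (!$this->checkRight('1_12', 4)) {
            return $this->denied();
        }

        // A role bound to an admin must not disappear under that admin.
        $isUsed = AdminRole::where('role_id', $id)->first();
        if ($isUsed) {
            return response()->json(['code' => '1000', 'msg' => '此角色正在被使用']);
        }

        DB::beginTransaction();
        try {
            $right = Right::where('role_id', $id)->first();
            // No Right row means nothing references the role; the original
            // called ->delete() on null here, which raises \Error.
            $rightDeleted = $right === null ? true : $right->delete();
            $roleDeleted = Role::destroy($id);

            if ($roleDeleted && $rightDeleted) {
                DB::commit();

                return response()->json(['code' => '200', 'msg' => '删除成功']);
            }

            // The original returned here without rolling back.
            DB::rollback();
        } catch (\Throwable $e) {
            DB::rollback();
            report($e);
        }

        return response()->json(['code' => '1000', 'msg' => '删除失败']);
    }

    /**
     * Return one role (id, role_name) with its Right content as JSON.
     *
     * NOTE(review): unlike store/update/destroy this action calls no
     * checkRight(), so any caller that reaches the route can read any role's
     * permission content by id. Add a check here if that is not intended.
     *
     * @param int $id role id from the route
     * @return \Illuminate\Http\JsonResponse
     */
    public function detail($id)
    {
        $role = Role::where('id', $id)
            ->with('right:content,role_id,id')
            ->first(['id', 'role_name']);

        if (!$role) {
            return response()->json(['code' => '1000', 'msg' => '获取信息失败']);
        }

        return response()->json(['code' => '200', 'info' => $role]);
    }

    /**
     * Standard JSON body returned when checkRight() denies the action.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    private function denied()
    {
        return response()->json(['code' => '1000', 'msg' => '您没有操作权限']);
    }
}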
注:
我们通过在通用的父类控制器里添加了权限判断方法checkRight,并在相应的控制器中添加判断逻辑。
拓展:你们是否还记得在表单验证 AdminCreateRequest 里有一个 authorize 方法,这里其实就是用来写这个 checkRight 的判断逻辑的,所以,你也可以在相应的表单验证的这个方法里写上判断逻辑,同样生效!