laravel后台实现权限管理(分权)
先创建角色(不同的角色分配不同模块的访问权限),再创建管理员并赋予对应的角色,从而实现后台的权限管理
建表
管理员表(admin),存放管理员:
迁移文件 admins:
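/**
 * Create the `admins` table that stores back-office administrator accounts.
 *
 * @return void
 */
public function up()
{
    Schema::create('admins', function (Blueprint $table) {
        $table->increments('id');
        $table->string('name')->comment('昵称');
        // The unique index stops two accounts from sharing one mobile number.
        $table->string('mobile', 20)->unique();
        // Must only ever hold a password hash, never the plaintext.
        $table->string('password')->comment('密码');
        // NOTE(review): the meaning of each status value is truncated in the column comment; confirm.
        $table->unsignedTinyInteger('status')->default(1)->comment('状态:默认为1,**');
        // The API token works as a bearer credential, so one token must map to exactly one
        // admin: unique() enforces that at the database level and indexes the lookup.
        // Several NULL tokens are still allowed because the column stays nullable.
        $table->string('api_token', 64)->nullable()->unique()->comment('登录验证');
        $table->softDeletes();
        $table->timestamps();
        $table->rememberToken();
    });
}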
管理员角色表(admin_role),存放管理员id和角色id
迁移文件 admin_role
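/**
 * Create the `admin_role` pivot table linking administrators to roles.
 *
 * @return void
 */
public function up()
{
    Schema::create('admin_role', function (Blueprint $table) {
        // Unsigned to match the increments('id') keys of `admins` and `roles`.
        $table->unsignedInteger('admin_id');
        $table->unsignedInteger('role_id');
        // One row per (admin, role) pair: prevents duplicate grants and indexes the
        // lookup that runs whenever an admin's roles are loaded.
        $table->primary(['admin_id', 'role_id']);
    });
}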
设置角色表(roles),来区分管理员充当的角色:
迁移文件 roles:
/**
 * Create the `roles` table; each row is one role an administrator can hold.
 *
 * @return void
 */
public function up()
{
    // Column layout for the roles table, kept separate from the create() call.
    $definition = function (Blueprint $roles) {
        $roles->increments('id');

        // Machine name of the role and the label shown in the back office.
        $roles->string('name')->comment('角色名称');
        $roles->string('display')->comment('显示名称');

        $roles->softDeletes();
        $roles->timestamps();
    };

    Schema::create('roles', $definition);
}
创建权限角色表(permission_role),什么角色对应什么模块的访问权
迁移文件permission_role
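/**
 * Create the `permission_role` table mapping a role to the permissions it grants.
 *
 * @return void
 */
public function up()
{
    Schema::create('permission_role', function (Blueprint $table) {
        // Stored as a string rather than a numeric id.
        // NOTE(review): presumably this holds a route name; confirm against the Permission model.
        $table->string('permission_id')->comment('模块内容');
        // Unsigned to match roles.id (increments); indexed because permissions are read per role.
        $table->unsignedInteger('role_id')->comment('角色id');
        $table->index('role_id');
    });
}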
创建模型层
admin模型 Admin
<?php
namespace App;
use App\Http\Traits\AuthAdminTrait;
use App\Http\Traits\Searchable;
use Illuminate\Foundation\Auth\User as Authenticatable;
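/**
 * Back-office administrator account, authenticated through Laravel's base user model.
 */
class Admin extends Authenticatable
{
    use AuthAdminTrait;
    use Searchable;

    // Columns that accept mass assignment. `status` and `api_token` are included, so raw
    // request input must never be passed to create()/fill(); pass explicit fields instead.
    protected $fillable = [
        'name', 'mobile', 'password', 'status', 'api_token',
    ];

    // Credentials that must not appear when the model is serialised to an array or JSON.
    // `api_token` and `remember_token` are login secrets just like the password hash.
    // Where a response is meant to return the token, expose it explicitly with
    // makeVisible('api_token') on that one instance.
    protected $hidden = [
        'password', 'api_token', 'remember_token',
    ];

    /**
     * Roles assigned to this administrator (many-to-many).
     */
    public function roles()
    {
        return $this->belongsToMany(Role::class);
    }
}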
admin_role模型 AdminRole
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
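/**
 * Row of the `admin_role` pivot table (one administrator holding one role).
 */
class AdminRole extends Model
{
    protected $table = 'admin_role';

    // The table has only admin_id and role_id: no created_at/updated_at columns and no
    // auto-increment id. Without these two switches an insert through this model would
    // try to write timestamp columns that do not exist.
    public $timestamps = false;
    public $incrementing = false;

    protected $fillable = [
        'role_id', 'admin_id',
    ];
}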
permission_role模型 PermissionRole
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
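/**
 * Row of the `permission_role` table (one permission granted to one role).
 */
class PermissionRole extends Model
{
    protected $table = 'permission_role';

    // The table has only permission_id and role_id: no created_at/updated_at columns and
    // no auto-increment id. Without these two switches an insert through this model would
    // try to write timestamp columns that do not exist.
    public $timestamps = false;
    public $incrementing = false;

    protected $fillable = [
        'permission_id', 'role_id',
    ];
}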
role模型 Role
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\SoftDeletes;
/**
 * A role that administrators can hold; it carries a set of permissions.
 */
class Role extends Model
{
    use SoftDeletes;

    // NOTE(review): the timestamp columns, including deleted_at, are mass-assignable here,
    // so never pass raw request input to create()/fill() on this model.
    protected $fillable = [
        'name', 'display', 'created_at', 'updated_at', 'deleted_at',
    ];

    /**
     * Whether this role is the super-administrator role.
     *
     * NOTE(review): Admin::$role_admin is not declared in the Admin class body shown with
     * this model; presumably it comes from AuthAdminTrait. Confirm it exists.
     */
    public function isAdminRole()
    {
        $adminRoleName = Admin::$role_admin;

        return $adminRoleName === $this->name;
    }

    /**
     * Administrators holding this role (many-to-many).
     */
    public function admins()
    {
        return $this->belongsToMany(Admin::class);
    }

    /**
     * Permissions granted to this role (many-to-many).
     */
    public function permissions()
    {
        return $this->belongsToMany(Permission::class);
    }

    /**
     * Raw permission_role rows that belong to this role.
     */
    public function pivots()
    {
        return $this->hasMany(PermissionRole::class);
    }
}
控制器
管理员控制(admin)
<?php
namespace App\Http\Controllers\Admin;
use App\Admin;
use App\Role;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use validate;
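/**
 * CRUD for back-office administrator accounts and their role assignments.
 *
 * NOTE(review): every action here decides who holds which role, so these routes must sit
 * behind authentication and a permission check. That middleware is not part of this class.
 */
class AdminController extends Controller
{
    /**
     * List administrators, newest first, with optional search filters.
     */
    public function index()
    {
        // Filter definition handed to the model's search() scope.
        // NOTE(review): the scope comes from the Searchable trait, which is not shown here;
        // confirm it binds the `like` values as query parameters.
        $search_items = [
            'name' => [
                'type' => 'like',
                'form' => 'text',
                'label' => '姓名',
            ],
            'mobile' => [
                'type' => 'like',
                'form' => 'text',
                'label' => '手机号',
            ],
            'created_at' => [
                'type' => 'date',
            ],
        ];

        $data = Admin::latest()
            ->search($search_items)
            ->paginate();
        $roles = Role::get();

        return view('admin.admin.index', compact('data', 'roles'));
    }

    /**
     * Show the edit form for one administrator together with all available roles.
     */
    public function edit(Request $request, $id)
    {
        $data = Admin::with('roles')->findOrFail($id);
        $roles = Role::get();

        return view('admin.admin.edit', compact('data', 'roles'));
    }

    /**
     * Update an administrator's profile and replace the set of assigned roles.
     */
    public function update(Request $request, $id)
    {
        $admin = Admin::findOrFail($id);

        $this->validate($request, [
            // The table is `admins`, and the comma before the id matters: the rule's third
            // segment excludes this admin's own row from the uniqueness check.
            'mobile' => 'required|unique:admins,mobile,' . $admin->id,
            'name' => 'required',
            // Only ids of existing roles may be assigned.
            'roles' => 'nullable|array',
            'roles.*' => 'integer|exists:roles,id',
        ]);

        $admin->mobile = $request->get('mobile');
        $admin->name = $request->get('name');
        $admin->save();

        // NOTE(review): whoever can reach this action can grant any role, including the
        // super-administrator role. Restrict who may assign it.
        $admin->roles()->sync($request->get('roles') ?? []);

        return redirect()->route('admin.admin.index')->with('msg', '编辑成功');
    }

    /**
     * Create an administrator and assign the submitted roles.
     */
    public function store(Request $request)
    {
        $this->validate($request, [
            // NOTE(review): a 6-character minimum is weak for an administrator account, and the
            // 18-character cap blocks long passphrases; consider tightening this policy.
            'password' => 'required|min:6|max:18',
            'mobile' => 'required|unique:admins,mobile',
            'name' => 'required',
            // Only ids of existing roles may be assigned.
            'roles' => 'nullable|array',
            'roles.*' => 'integer|exists:roles,id',
        ]);

        // Explicit fields only: `status` and `api_token` are fillable on the model and must
        // not be settable from the request. The password is stored as a bcrypt hash.
        $admin = Admin::create([
            'password' => bcrypt($request->get('password')),
            'mobile' => $request->get('mobile'),
            'name' => $request->get('name'),
        ]);

        $admin->roles()->sync($request->get('roles') ?? []);

        return back()->with('msg', '添加成功!');
    }

    /**
     * Show one administrator.
     */
    public function show($id)
    {
        $data = Admin::findOrFail($id);

        return view('admin.admin.show', compact('data'));
    }

    /**
     * Delete an administrator, refusing when the account holds the `admin` role.
     */
    public function destroy($id)
    {
        $data = Admin::findOrFail($id);

        // NOTE(review): hasRole() is not defined in this file; presumably AuthAdminTrait provides it.
        if ($data->hasRole('admin')) {
            // withErrors() takes the messages first; passing two strings would use 'msg' as
            // the message and the Chinese text as the error-bag name.
            return back()->withErrors(['msg' => '不能删除管理员']);
        }

        // Drop the role links first so no admin_role rows outlive the account.
        $data->roles()->detach();
        $data->delete();

        return back()->with('msg', '删除成功!');
    }
}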
角色控制器(role)
<?php
namespace App\Http\Controllers\Admin;
use App\Admin;
use App\Role;
use App\Services\WebServices\PermissionService;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
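/**
 * CRUD for roles and the permissions attached to each role.
 *
 * NOTE(review): these actions define what every administrator is allowed to do, so the
 * routes must sit behind authentication and a permission check that is not part of this class.
 */
class RoleController extends Controller
{
    /**
     * List all roles, newest first.
     */
    public function index()
    {
        $data = Role::latest()->get();

        return view('admin.role.index', compact('data'));
    }

    /**
     * Show the create form with the admin routes grouped by module.
     */
    public function create()
    {
        $routes_groups = PermissionService::getAdminRoutesGroups();

        return view('admin.role.create', compact('routes_groups'));
    }

    /**
     * Validate and create a role, then attach the submitted permissions.
     */
    public function store(Request $request)
    {
        $input = $request->all();

        $rules = [
            'name' => 'required|unique:roles,name',
            'display' => 'required',
            // Must be a list. NOTE(review): the values themselves are not checked against the
            // routes offered by PermissionService::getAdminRoutesGroups(); consider rejecting
            // anything outside that set so a crafted request cannot attach arbitrary permissions.
            'permissions' => 'required|array',
        ];
        $this->validate($request, $rules);

        $role = Role::create([
            'name' => $input['name'],
            'display' => $input['display'],
        ]);
        $role->permissions()->sync($input['permissions']);

        return redirect()->route('admin.role.index')->with('msg', '添加成功!');
    }

    /**
     * Show the edit form for a role with its current permissions preselected.
     */
    public function edit($id)
    {
        $routes_groups = PermissionService::getAdminRoutesGroups();
        $role = Role::findOrFail($id);
        $permissions = $role->pivots()->pluck('permission_id')->all();

        return view('admin.role.edit', compact('role', 'routes_groups', 'permissions'));
    }

    /**
     * Update a role's names and replace its permission set.
     */
    public function update(Request $request, $id)
    {
        $role = Role::findOrFail($id);
        $input = $request->all();

        $rules = [
            // The trailing id excludes this role's own row from the uniqueness check.
            'name' => 'required|unique:roles,name,' . $role->id,
            'display' => 'required',
            // Same constraint as store(): the permissions must arrive as a list.
            'permissions' => 'required|array',
        ];
        $this->validate($request, $rules);

        $role->name = $input['name'];
        $role->display = $input['display'];
        $role->save();
        $role->permissions()->sync($input['permissions'] ?? []);

        return redirect(route('admin.role.index'))->with('msg', '角色编辑成功');
    }

    /**
     * Permanently delete a role together with every link that references it.
     */
    public function destroy(Request $request, $id)
    {
        $role = Role::findOrFail($id);

        // NOTE(review): nothing here stops the super-administrator role from being deleted;
        // consider refusing it, as AdminController::destroy() does for admin accounts.

        $role->permissions()->detach();
        // Also remove the admin_role links. Rows left behind would keep pointing at this id
        // and would silently apply to any later role that ends up with the same id.
        $role->admins()->detach();
        $role->forceDelete();

        return back()->with('msg', '角色删除成功');
    }

    /**
     * Admin routes grouped by permission module.
     *
     * Delegates to PermissionService so there is one implementation. The private copy that
     * used to live here was never called and filtered on the prefix 'admin', while the
     * service filters on '/admin'.
     */
    private function getAdminRoutesGroups()
    {
        return PermissionService::getAdminRoutesGroups();
    }
}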
创建角色的时候,会用到一个接口(服务类)PermissionService
存放位置:命名空间 App\Services\WebServices(见下方代码)
创建角色的时候,就会调用到这个接口
先看这个接口代码:
<?php
namespace App\Services\WebServices;
use App\AdminLinks;
use App\Http\Controllers\Channel\ChannelCommonController;
use App\PayrollOrder;
use App\SettleAccountLog;
use App\UserInfoCheck;
use App\Withdrawal;
use App\WithdrawalBatch;
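/**
 * Static lookups used by the role/permission screens: which groups and route names are
 * exempt from the permission check, and which admin routes belong to which module.
 */
class PermissionService
{
    /**
     * Groups that can be accessed without a permission.
     */
    public static function getIgnorePermissionGroups(): array
    {
        return [
            'login', 'upload_to_tester', 'logout', 'index',
        ];
    }

    /**
     * Route names that can be accessed without a permission.
     *
     * NOTE(review): every entry here is reachable regardless of role, so keep the list
     * minimal. 'admin.merchant.index' and 'admin.upload_to_tester' look like functional
     * pages rather than login plumbing; confirm they are meant to be exempt.
     */
    public static function getIgnorePermissions(): array
    {
        return [
            'admin.dashboard.index', 'admin.upload_to_tester', 'admin.login', 'admin.index', 'admin.logout', 'admin.merchant.index',
        ];
    }

    /**
     * Groups that are not permission groups.
     */
    public static function getIgnoreGroups(): array
    {
        return [
            'dashboard', 'index',
        ];
    }

    /**
     * Map of permission group key => display name for the groups that require a permission.
     */
    public static function getPermissionGroupsMap(): array
    {
        return [
            'list' => '模块开发示例',
            // Disabled groups, kept as in the original:
            // 'info' => '信息管理',
            // 'company' => '企业服务管理',
            // 'operation' => '运营管理',
            'system' => '系统管理',
        ];
    }

    /**
     * Whether the given permission (route name) is exempt from the permission check.
     *
     * The comparison is strict on purpose. A loose in_array() treats `true` as equal to any
     * non-empty string (and, before PHP 8, `0` as well), which would report a non-string
     * value as exempt.
     */
    public static function isIgnored($permission): bool
    {
        return in_array($permission, self::getIgnorePermissions(), true);
    }

    /**
     * Collect the named routes under the /admin prefix, grouped by their `group` action key.
     *
     * Only groups present in getPermissionGroupsMap() are returned.
     *
     * @return array group key => list of route objects
     */
    public static function getAdminRoutesGroups()
    {
        // Lookup table of the groups that take part in permission assignment.
        $groups_map = self::getPermissionGroupsMap();
        // All named routes registered in the application.
        $all_routes = app()['router']->getRoutes()->getRoutesByName();
        // Keep only the back-office routes.
        $admin_routes = array_filter($all_routes, function ($route) {
            return $route->getPrefix() === '/admin';
        });

        $routes_groups = [];
        // Bucket the routes by module.
        foreach ($admin_routes as $route) {
            $group = $route->action['group'] ?? false;
            // Skip routes without a group or with a group outside the map.
            if ($group && array_key_exists($group, $groups_map)) {
                $routes_groups[$group][] = $route;
            }
        }

        return $routes_groups;
    }
}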
正是这个接口起的作用,使得给管理员分配什么角色,管理员就拥有该角色对应的权限。需要注意,上面的代码只负责列出后台路由分组和免校验名单;真正的访问拦截还要靠路由中间件按当前路由名核对角色权限,这部分本文没有给出。
当然,我们也可以在项目一开始就设置一个默认的超级管理员,也就是拥有最高权限的账号,
做法是在数据填充(seeder)里优先写入:
<?php
use Illuminate\Database\Seeder;
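class AuthSeeder extends Seeder
{
    /**
     * Seed the first administrator, the `admin` (super administrator) role and the link
     * between the two.
     *
     * @return void
     */
    public function run()
    {
        $now = \Carbon\Carbon::now();

        // The highest-privilege account must not ship with a fixed, guessable password.
        // Take the initial password from the environment (ADMIN_SEED_PASSWORD is an example
        // variable name). Otherwise generate a random one and print it once; it should be
        // changed after the first login because console output may be logged.
        $password = env('ADMIN_SEED_PASSWORD');
        if (!is_string($password) || $password === '') {
            $password = bin2hex(random_bytes(12));
            $notice = 'Generated initial admin password: ' . $password;
            if ($this->command) {
                $this->command->info($notice);
            } else {
                // No console command is attached when the seeder is run programmatically.
                echo $notice . PHP_EOL;
            }
        }

        $admin_id = DB::table('admins')->insertGetId([
            'name' => '管理员',
            'mobile' => '*********',
            'password' => bcrypt($password),
            'status' => 1,
            'created_at' => $now,
            'updated_at' => $now,
        ]);

        $role_id = DB::table('roles')->insertGetId([
            'name' => 'admin',
            'display' => '超级管理员',
            'created_at' => $now,
            'updated_at' => $now,
        ]);

        // Link the rows that were just created instead of assuming both received id 1,
        // which is only true on an empty database.
        DB::table('admin_role')->insert([
            'admin_id' => $admin_id,
            'role_id' => $role_id,
        ]);
    }
}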
然后将这个填充文件,注册到DatabaseSeeder.php文件中:
/**
 * Entry point for `php artisan db:seed`: runs the seeder that creates the initial
 * administrator and role.
 *
 * @return void
 */
public function run()
{
    $authSeeder = AuthSeeder::class;

    $this->call($authSeeder);
}
然后执行:php artisan db:seed 就可以优先给后台配置一个超级管理员了!