我有两个不同的警卫api警卫和运输警卫,我使用 laratrust 包来管理用户的角色和权限
Route::get('/requests', 'RequestController@index')->middleware('ability:owner|administrator,read-requests|all-requests');
只有当守卫是api守卫时,我才需要运行上面的 laratrust 中间件
注意:- 来自 laratrust docs https://laratrust.santigarcor.me/docs/6.x/usage/middleware.html#concepts 我发现你可以像这样指定你的后卫,但它不起作用
Route::get('/requests', 'RequestController@index')->middleware('ability:owner|administrator,read-requests|all-requests|guard:api');
我从未使用过 Laratrust,但如果它是一个适用于整个路由组的中间件,我认为您可以在数组的app/Http/Kernel.php文件中定义它。$middlewareGroups
protected $middlewareGroups = [
'web' => [
'ability:owner',
'administrator',
'read-requests',
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Laravel\Jetstream\Http\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:api',
'ability:owner',
'administrator',
'read-requests',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];