Laravel8 middleware realizes simple permission control

First of all, there must be a concept , What is permission control , When a user logs in , Backstage will give different roles , Each role has a different role , Each function is a permission . A user can have many roles （ One to many ）, A role can have many permissions （ One to many ）, Empathy , A role can be owned by many users , A permission can also be used by many roles . In daily life, it is basically a one-to-one or a pile of many states , Many to many is rarely used in daily writing , What is the situation of many to many ？

Multiple permissions corresponding to multiple users , It can be understood as multiple one to many combined and interrelated States .

Now let's explain in detail the control of user permissions in the middleware

1： First of all, the user gets the role of Yinghu when logging in id, Through role id Get user permissions id（ Get through the role and permission association table ）

  When we get the user permission , Put it in the cache . here , There are two ways to control , One is relatively simple , Directly read the existing permissions in the controller , In this way, the homepage only shows the permissions that the user already has , The rest will not be displayed .

You can check the specific methods ：https://blog.csdn.net/NobleCharacter/article/details/125491479?spm=1001.2014.3001.5502

The other kind is more troublesome , Show all the routing pages on the home page , Identify in middleware , When the route taken is not an existing permission route, no permission will be returned .

First, read the permission information in the cache in the middleware

Get the current route to go  

  $route = $request->path();

in addition ： Every web page has some public pages to use , For example, the home page , Welcome page, etc , Write separately to config In the self built file under , Write the route of the public page in it

  Re middleware reading

  Because the data read in the cache is a two-dimensional array , Loop to get the route name in each array , Then splice with the public ,

Then judge whether the route to be taken is within the route with permission outside the loop , If not, return no permission .

//         Read the permission page route in the cache 
        $auths = Cache::get('auths');
//         Get the page route to go 
        $route = $request->path();
        $res = config("rbac.allow_route");
        if ($auths !== true) {
            foreach ($auths as $v) {
//                 Determine whether the route name is empty , The top page has no routing name .
                if ($v['route_name']!=''){
//                     Append the obtained route name to the previous public page route 
                    array_push($res,'admin/'.$v['route_name']);
                }
            }
//             Judge whether there is permission in the loop 
            if (!in_array($route, $res)) {
                exit(' No authority ');
            }