0
我有一个使用phpCAS单点登录验证用户的Laravel 4应用程序。但是,我无法确定如何锁定任何未经授权的用户访问我的任何应用程序URL。对于这种情况,有许多用户可以在页面中传递phpCAS日志,但如果他们没有管理员权限,应同时拒绝访问我的应用程序(除访问拒绝页面外)。如何锁定应用程序中的未授权用户?
如何禁止这些用户在显示我的拒绝访问页面时访问我的应用的URL?
routes.php文件:
Route::get('/adminHome/{USER_ID}', array('as' => 'home', 'uses' => '[email protected]'));
Route::get('/adminHome/create/{USER_ID}', '[email protected]');
Route::get('/adminHome/{adminID}/delete/{USER_ID}', '[email protected]');
Route::post('/adminHome/store/{USER_ID}', '[email protected]');
Route::get('/adminHome', '[email protected]__construct');
Route::get('/accessDenied', array('as' => 'accessDenied', 'uses' => '[email protected]'));
管理控制器:
public function __construct()
{
App::make('CAS');
$ID = $_SESSION['phpCAS']['attributes']['UDC_IDENTIFIER'];
$admin = App::make('AdminServices');
$isValidAdmin = $admin->isAdmin($ID);
//check DB to see if user has admin access rights
if ($isValidAdmin && $isValidAdmin->ADMIN == "yes")
{
return Redirect::route('home', $ID);
}
else
{
return Redirect::route('accessDenied');
}
}
public function accessDenied()
{
return View::make('users/accessdenied');
}
的意见/用户存取遭拒/:
<div class="alert alert-danger" role="alert" align="center"><strong>Access Denied. </strong>You do not have permission to access this page. Please notify the system administrator to obtain access.</div>
看一看的文档[过滤器](http://laravel.com/docs/routing#route-filters) – 2014-08-27 15:21:04
你的代码似乎已经解决了你的问题 – worldask 2014-08-27 15:21:54
@MattBurrow,那正是我需要的。现在使用filters.php工作 – Burntspaghetti 2014-08-27 19:59:22