Laravel 11 角色和权限7--应用权限 中间件

在Laravel 11,打开 /bootstrap/app.php 并在那里注册它们：

->withMiddleware(function (Middleware $middleware) {
        $middleware->alias([
            'role' => \Spatie\Permission\Middleware\RoleMiddleware::class,
            'permission' => \Spatie\Permission\Middleware\PermissionMiddleware::class,
            'role_or_permission' => \Spatie\Permission\Middleware\RoleOrPermissionMiddleware::class,
        ]);
    })

一、控制器

在 Laravel 11 中，如果你的控制器实现了HasMiddleware接口，你可以使用middleware()方法注册控制器中间件：

文章控制器

App/Http/Controllers/ArticleController.php

<?php

namespace App\Http\Controllers;

//
use Illuminate\Routing\Controllers\HasMiddleware;
use Illuminate\Routing\Controllers\Middleware;

class ArticleController extends Controller implements HasMiddleware
{
    public static function middleware(): array
    {
        return [
            new Middleware('permission:view articles', only: ['index']),
            new Middleware('permission:edit articles', only: ['edit']),
            new Middleware('permission:create articles', only: ['create']),
            new Middleware('permission:delete articles', only: ['destroy']),
        ];
    }
    
    //

}

权限控制器

App/Http/Controllers/PermissionController.php

<?php

namespace App\Http\Controllers;

//
use Illuminate\Routing\Controllers\HasMiddleware;
use Illuminate\Routing\Controllers\Middleware;

class PermissionController extends Controller implements HasMiddleware
{
    public static function middleware(): array
    {
        return [
            new Middleware('permission:view permissions', only: ['index']),
            new Middleware('permission:edit permissions', only: ['edit']),
            new Middleware('permission:create permissions', only: ['create']),
            new Middleware('permission:delete permissions', only: ['destroy']),
        ];
    }

    //

}

角色控制器

App/Http/Controllers/RoleController.php

<?php

namespace App\Http\Controllers;

//
use Illuminate\Routing\Controllers\HasMiddleware;
use Illuminate\Routing\Controllers\Middleware;

class RoleController extends Controller implements HasMiddleware
{
    public static function middleware(): array
    {
        return [
            new Middleware('permission:view roles', only: ['index']),
            new Middleware('permission:edit roles', only: ['edit']),
            new Middleware('permission:create roles', only: ['create']),
            new Middleware('permission:delete roles', only: ['destroy']),
        ];
    }

    //
}

用户控制器

App/Http/Controllers/UserController.php

<?php

namespace App\Http\Controllers;

//
use Illuminate\Routing\Controllers\HasMiddleware;
use Illuminate\Routing\Controllers\Middleware;

class UserController extends Controller implements HasMiddleware
{
    public static function middleware(): array
    {
        return [
            new Middleware('permission:view users', only: ['index']),
            new Middleware('permission:edit users', only: ['edit']),
//            new Middleware('permission:create users', only: ['create']),
//            new Middleware('permission:delete users', only: ['destroy']),
        ];
    }

    //
}

二、模版权限

导航栏授权

resources/views/layouts/navigation.blade.php Laravel 的原生 @can 指令来检查用户是否具有特定权限：

...
...
@can('view permissions')
    <div class="hidden space-x-8 sm:-my-px sm:ms-10 sm:flex">
        <x-nav-link :href="route('permissions.index')"
                    :active="request()->routeIs('permissions.index')">
            {{ __('权限') }}
        </x-nav-link>
    </div>
@endcan

@can('view roles')
    <div class="hidden space-x-8 sm:-my-px sm:ms-10 sm:flex">
        <x-nav-link :href="route('roles.index')" :active="request()->routeIs('roles.index')">
            {{ __('角色') }}
        </x-nav-link>
    </div>
@endcan

@can('view articles')
    <div class="hidden space-x-8 sm:-my-px sm:ms-10 sm:flex">
        <x-nav-link :href="route('articles.index')" :active="request()->routeIs('articles.index')">
            {{ __('文章') }}
        </x-nav-link>
    </div>
@endcan

@can('view users')
    <div class="hidden space-x-8 sm:-my-px sm:ms-10 sm:flex">
        <x-nav-link :href="route('users.index')" :active="request()->routeIs('users.index')">
            {{ __('用户') }}
        </x-nav-link>
    </div>
@endcan

文章首页编辑、删除、新增权限授权

resources/views/articles/list.blade.php

...
...
@can('create articles')
<a href="{{ route('articles.create') }}"
   class="bg-slate-700 text-sm rounded-md text-white px-3 py-2">新增</a>
@endcan
...
...
...
<td class="px-6 py-3 text-center">
    @can('edit articles')
        <a href="{{ route('articles.edit',$article->id) }}"
           class="bg-slate-700 text-sm rounded-md text-white px-3 py-2 hover:bg-slate-600">编辑</a>
    @endcan
    @can('delete articles')
        <a href="javascript:void(0);" onclick="deletePermission({{$article->id}})"
           class="bg-red-600 text-sm rounded-md text-white px-3 py-2 hover:bg-red-500">删除</a>
    @endcan
</td>
...

角色首页编辑、删除、新增权限授权

...
...
@can('create permissions')
<a href="{{ route('permissions.create') }}"
   class="bg-slate-700 text-sm rounded-md text-white px-3 py-2">新增</a>
@endcan
...
...
...
@can('edit permissions')
    <a href="{{ route('permissions.edit',$permission->id) }}"
       class="bg-slate-700 text-sm rounded-md text-white px-3 py-2 hover:bg-slate-600">编辑</a>
@endcan
@can('delete permissions')
    <a href="javascript:void(0);" onclick="deletePermission( {{$permission->id}} )"
       class="bg-red-600 text-sm rounded-md text-white px-3 py-2 hover:bg-red-500">删除</a>
@endcan
...
...

权限首页编辑、删除、新增权限授权

resources/views/roles/list.blade.php

...
...
<a href="{{ route('roles.create') }}"
   class="bg-slate-700 text-sm rounded-md text-white px-3 py-2">新增</a>
@endcan
...
...
...
@can('edit roles')
    <a href="{{ route('roles.edit',$role->id) }}"
       class="bg-slate-700 text-sm rounded-md text-white px-3 py-2 hover:bg-slate-600">编辑</a>
@endcan
@can('delete roles')
    <a href="javascript:void(0);" onclick="deletePermission( {{$role->id}} )"
       class="bg-red-600 text-sm rounded-md text-white px-3 py-2 hover:bg-red-500">删除</a>
@endcan

...
@can('create permissions')
<a href="{{ route('permissions.create') }}"
   class="bg-slate-700 text-sm rounded-md text-white px-3 py-2">新增</a>
@endcan
...
...
...
@can('edit permissions')
    <a href="{{ route('permissions.edit',$permission->id) }}"
       class="bg-slate-700 text-sm rounded-md text-white px-3 py-2 hover:bg-slate-600">编辑</a>
@endcan
@can('delete permissions')
    <a href="javascript:void(0);" onclick="deletePermission( {{$permission->id}} )"
       class="bg-red-600 text-sm rounded-md text-white px-3 py-2 hover:bg-red-500">删除</a>
@endcan
...

用户首页编辑、删除、新增权限授权

resources/views/users/list.blade.php

@can('edit users')
    <a href="{{route('users.edit',$user->id)}}"
       class="bg-slate-700 text-sm rounded-md text-white px-3 py-2 hover:bg-slate-600">编辑</a>
@endcan
@can('delete users')
    <a href="javascript:void(0);" onclick="deletePermission(  )"
       class="bg-red-600 text-sm rounded-md text-white px-3 py-2 hover:bg-red-500">删除</a>
@endcan

代码案例举例：

@can('edit articles')
  //
@endcan

您可以使用 @can、@cannot、@canany 和 @guest 来测试与权限相关的访问权限

添加右上角角色名

<div>{{ Auth::user()->name }}({{ Auth::user()->roles->pluck('name')->implode(',') }})</div>