Laravel Five Foundations (12)-Certifications

Laravel 5 Basics (12)-Certifications

Laravel Factory has been shipped with a user authentication system, we look routes.php at, if deleted, add on:

Route::controllers([    'auth' => 'Auth\AuthController',    'password' => 'Auth\PasswordController']);

You can use it for a php artisan route:list look. Browser Access /auth/login , you can see the login interface, it is best to put the system default app.blade.php on Google things to annotate, otherwise you will be crazy.

You can use register, login, and even forget password.

The actual registration of a user, after the submission failed, actually did not fail, just larave automatically jump to the /home , we have deleted this controller. You can use it tinker to look at the user already established.

Auth\AuthControlleractually used in trait , what is Triat? Well,php only supports single inheritance, adds trait in php5.4, and a trait is actually a package of methods that you can include in another class. Like an abstract class, you can't instantiate him directly.

Auth\AuthControllerThere are references to trait in:

use AuthenticatesAndRegistersUsers;

Let's find him and see how it jumps after registration. He hides a pretty deep, in vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesAndregistersUsers.php , wow.

public function redirectPath(){if (property_exists($this, 'redirectPath')){return $this->redirectPath;}                //如果用户设置了 redirectTo 属性，则跳转到用户设置的属性，否则到homereturn property_exists($this, 'redirectTo') ? $this->redirectTo : '/home';}

OK, we know, as long as redirectTo you set this property you can customize the post-registration jump. We have Auth\AuthContotroller modified in:

 protected $redirectTo = 'articles';

We use first to /auth/logout make sure we exit, if something goes wrong don't be afraid, we don't have the default homepage, re-visit: auth/register Create a new user, this time should be OK.

Logout again, then login with login.

Now we can delete the form_partial hidden fields in the temporary settings, and then modify the controller:

    public function store(Requests\ArticleRequest $request) {        //你可以这样        //$request = $request->all();        //$request['user_id'] = Auth::id();        //更简单的方法        $article = Article::create($request->all());        //laravel 自动完成外键关联        Auth::user()->articles()->save($article);        return redirect('articles');    }

Add an article and then use it to tinker view it.

Middleware

We certainly do not want anyone to be able to publish articles, at least for landing. We add protection to the controller:

    public function create() {        if (Auth::guest()) {            return redirect('articles');        }        return view('articles.create');    }

The above code can work, there is a problem, we need to be in each method to protect the above processing, it is silly, fortunately we have middleware.

Middleware can be understood as a processing pipeline in which the middleware is processed at some point in the pipeline, which can be either a request or a response. Depending on the processing rules of the middleware, requests may be redirected or may be requested.

Included in the app/http/middleware three middleware, the name can see what is doing, take a good look, notice, Closure $next represents the next middleware.

The app/http/kernel.php middleware is registered in. The $middleware segment declares the middleware that handles all HTTP processing $routeMiddleware , only the routing process, and the declaration you must display to use one or several of these middleware.

Assuming we want to protect the whole ArticlesController , we add the middleware directly to the constructor:

    public function __construct() {        $this->middleware('auth');    }

Now, any method is protected.

But we may not want the entire controller to be protected, what if it's just one or two of these methods? We can deal with this:

    public function __construct() {        $this->middleware('auth', ['only' => 'create']);        //当然可以反过来        //$this->middleware('auth', ['except' => 'index']);    }

We do not necessarily introduce middleware in the controller's constructor, we can declare it directly in the route:

Route::get('about', ['middleware' => 'auth', 'uses' => '[email protected]']);

In the kernel.php system middleware provided in, such as 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode' can let us into the maintenance mode, such as the system on-line, but now need to temporarily shut down for a period of time for processing, we can be processed at the command line, look at the work of this middleware:

php artisan down

Visit the site to see any URL requests are immediately back. Website on-line:

php artisan up

Let's make a middleware of our own:

 php artisan make:middleware Demo

Then add the code:

public function handle($request, Closure $next){        //如果请求中含有 foo，我们就回到控制器首页        if ($request->has('foo')) {            return redirect('articles');        }return $next($request);}

If you want to use middleware in all requests, you need to kernel.php $middleware register in:

protected $middleware = [...'App\Http\Middleware\Demo',];

Now we can test it, assuming we visit /articles/create?foo=bar , we are redirected to the home page.

Let's get rid of this display middleware and we'll create a really useful middleware. Suppose we want to protect a page that must be accessed by a manager.

php artisan make:middleware RedirectIfNotAManager

Let's add the processing code:

public function handle($request, Closure $next){        if (!$request->user() || !$request->user()->isATeamManager()) {            return redirect('articles');        }return $next($request);}

The following modifies our model:

    public function isATeamManager() {        return false;    }

For simplicity's sake, we return false directly. This time we put the middleware in kernel.php the middle $routeMiddleware .

protected $routeMiddleware = [...'manager' => 'App\Http\Middleware\RedirectIfNotAManager',];

Let's do a test route test:

Route::get('foo', ['middleware' => 'manager', function() {    return 'This page may only be viewed by manager';}]);

Guest identity or login access will return to the home page, but if the change isATeamManager() true is returned, login identity access will see the returned information.

