在app/Http/Middleware下新建文件AccessControl.php
代码为下
<?php
namespace App\Http\Middleware;
use Dcat\Admin\Auth\Permission;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\HttpException;
class AccessControl
{
protected $denyMethods = ['POST', 'PUT', 'DELETE'];
protected $excepts = [
'POST' => [
'admin/auth/login',
'admin/dcat-api/value',
],
];
public function handle(Request $request, \Closure $next)
{
if (config('app.deny_update')) {
return $next($request);
}
foreach ($this->excepts as $method => $route) {
if ($request->isMethod($method) && $request->is(...$route)) {
return $next($request);
}
}
if (in_array($request->getMethod(), $this->denyMethods)) {
try {
Permission::error();
} catch (HttpException $e) {
return response()->json([
'status' => false,
'message' => '对不起,演示站点不支持修改数据。',
]);
}
}
return $next($request);
}
}
紧接着在app/Http/Kernel.php中注册
<?php
namespace App\Http;
use App\Http\Middleware\AccessControl;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
AccessControl::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];
}
提供