我正在建设REST API with JWT
具有自己的逻辑的身份验证和授权。它工作得很好。现在,我想根据角色和权限动态设置路由。假设我有这样的数据库结构:
Role:
id | name
1 | school
2 | transport
权限:
id | name | controller | routes
1 | view-class-result | ApiController | getClassResult
2 | view-student-result | ApiController | studentResult
3 | download-student-result | ApiController | donwloadSchoolTemplate
权限角色
role_id | permission_id
1 1
1 2
1 3
现在,我想根据数据库中的角色和权限创建路由。
目前我的路线如下:
//All JWT authentication API goes here
Route::group(['middleware' => 'jwt.auth'], function() {
Route::get('user', 'ApiController@getAuthUser');
Route::get('invalidate', 'ApiController@invalidate');
//All authorized API goes here
Route::group(['middleware' => 'ability:school,view-class-result,true'], function() {
Route::post('classResult', 'ApiController@getClassResult');
});
Route::group(['middleware' => 'ability:school,view-student-result,true'], function() {
Route::post('studentResult', 'ApiController@studentResult');
});
Route::group(['middleware' => 'ability:school,download-student-result,true'], function() {
Route::post('getStudentExamResult', 'ApiController@downloadSchoolTemplate');
});
});
我不希望对上述路线进行硬编码。我如何从数据库中获取此路线。像下面这样的东西。但不知道该怎么做。
在路线文件中,
$a = User:all();
foreach($a->roles as $value){
foreach($value->permission as $val){
Route::group(['middleware' => 'ability:{$value->name},{$val->name},true'], function() {
Route::post('{$val->controller}', '{$val->controller}@{$val->method}');
});
}
}
谢谢。