How to implement permission based navigation menu in Laravel
Nov 02, 2023 pm 06:52 PM
As websites and applications become more and more complex, permission management becomes critical. When a user logs in through authentication, we want them to be able to access pages and features to which they have permission, but not to pages and features to which they do not have permission. This article will explain how to implement a permission-based navigation menu in Laravel so that we can easily control what the user can see.
Step 1: Install Laravel and configure the database
If you are already familiar with Laravel, you can skip this step. Otherwise follow these steps to install Laravel:
- Install Composer: If you haven’t installed Composer yet, please follow the official guide to install it first.
-
Install Laravel: Open the terminal and use Composer to install Laravel.
composer global require laravel/installer
Configure the database: Set the database connection parameters in the .env file.
DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=your_database_name DB_USERNAME=your_username DB_PASSWORD=your_password
Run migrations: Run database migrations to create the required tables.
php artisan migrate
Step 2: Set up routes and controllers
In this example, we will create a controller named DashboardController and define three routes for it :/dashboard, /users, /roles. Necessary permission checks can be added in the controller's constructor.
<?php
namespace AppHttpControllers;
use IlluminateHttpRequest;
class DashboardController extends Controller
{
public function __construct()
{
$this->middleware(['auth', 'permissions']); // 添加授權(quán)中間件
}
public function index()
{
return view('dashboard');
}
public function users()
{
return view('users');
}
public function roles()
{
return view('roles');
}
}Step 3: Set permission rules
Next, we need to define permission rules. We create a file called permissions.php in which we define all the required permissions. You can modify or add more permission rules according to your business needs.
return [
'admin' => [
'dashboard' => true,
'users' => true,
'roles' => true,
],
'editor' => [
'dashboard' => true,
'users' => false,
'roles' => false,
],
'user' => [
'dashboard' => true,
'users' => false,
'roles' => false,
],
];Step 4: Create middleware and register
We need to create a middleware to check the user's permissions. Create a middleware named CheckPermissions in the /app/Http/Middleware directory.
<?php
namespace AppHttpMiddleware;
use Closure;
use IlluminateSupportFacadesAuth;
class CheckPermissions
{
public function handle($request, Closure $next)
{
$user = Auth::user();
$routeName = $request->route()->getName();
if (!$user->hasPermission($routeName)) {
abort(403);
}
return $next($request);
}
}As you can see, the middleware gets the route name from the request and uses the Auth::user() method to check whether the user has permission to access the route. If there is no permission, a 403 Forbidden status will be returned.
Then we need to register the middleware into the application. Open the /app/Http/Kernel.php file and find the $middlewareGroups array. Add a middleware called permissions in the web array.
protected $middlewareGroups = [
'web' => [
// ...
AppHttpMiddlewareCheckPermissions::class,
],
// ...
];Step Five: Create View and Navigation Menu
When creating the navigation menu in the view file, we need to check whether the user has permission to access each link. Use the Auth::user() method to check whether the current user has specific permissions for a feature.
<nav>
<ul>
<li><a href="{{ route('dashboard') }}" @if (!Auth::user()->hasPermission('dashboard'))disabled@endif>Dashboard</a></li>
<li><a href="{{ route('users') }}" @if (!Auth::user()->hasPermission('users'))disabled@endif>Users</a></li>
<li><a href="{{ route('roles') }}" @if (!Auth::user()->hasPermission('roles'))disabled@endif>Roles</a></li>
</ul>
</nav>Step 6: Check permissions
In the user model, we define a method called hasPermission(). This method accepts a route name and then checks whether the user has access to that route.
public function hasPermission($routeName)
{
$role = $this->role;
$permissions = config('permissions.' . $role);
return isset($permissions[$routeName]) && $permissions[$routeName];
}We use the config() function to read the permission rules and check whether the user has access permission to the route. We also use the role attribute in the user model to get the role of that user.
Now we have successfully created a permission-based navigation menu that automatically disables links when the user accesses a prohibited page. Hope this article can help you master how to use Laravel to implement permission-based navigation menu.
The above is the detailed content of How to implement permission based navigation menu in Laravel. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What is Middleware in Laravel? How to use it?
May 29, 2025 pm 09:27 PM
Middleware is a filtering mechanism in Laravel that is used to intercept and process HTTP requests. Use steps: 1. Create middleware: Use the command "phpartisanmake:middlewareCheckRole". 2. Define processing logic: Write specific logic in the generated file. 3. Register middleware: Add middleware in Kernel.php. 4. Use middleware: Apply middleware in routing definition.
Laravel MVC Architecture: what can go wrong?
Jun 05, 2025 am 12:05 AM
Laravel'sMVCarchitecturecanfaceseveralissues:1)Fatcontrollerscanbeavoidedbydelegatinglogictoservices.2)Overloadedmodelsshouldfocusondataaccess.3)Viewsshouldremainsimple,avoidingPHPlogic.4)PerformanceissueslikeN 1queriescanbemitigatedwitheagerloading.
What is Laravel Migrations? How to use it?
May 29, 2025 pm 09:24 PM
Laravel's migration is a database version control tool that allows developers to programmatically define and manage database structure changes. 1. Create a migration file using the Artisan command. 2. The migration file contains up and down methods, which defines the creation/modification and rollback of database tables respectively. 3. Use the phpartisanmigrate command to execute the migration, and use phpartisanmigrate:rollback to rollback.
Laravel: Simple MVC project for beginners
Jun 08, 2025 am 12:07 AM
Laravel is suitable for beginners to create MVC projects. 1) Install Laravel: Use composercreate-project--prefer-distlaravel/laravelyour-project-name command. 2) Create models, controllers and views: Define Post models, write PostController processing logic, create index and create views to display and add posts. 3) Set up routing: Configure/posts-related routes in routes/web.php. With these steps, you can build a simple blog application and master the basics of Laravel and MVC.
What are policies in Laravel, and how are they used?
Jun 21, 2025 am 12:21 AM
InLaravel,policiesorganizeauthorizationlogicformodelactions.1.Policiesareclasseswithmethodslikeview,create,update,anddeletethatreturntrueorfalsebasedonuserpermissions.2.Toregisterapolicy,mapthemodeltoitspolicyinthe$policiesarrayofAuthServiceProvider.
What are routes in Laravel, and how are they defined?
Jun 12, 2025 pm 08:21 PM
In Laravel, routing is the entry point of the application that defines the response logic when a client requests a specific URI. The route maps the URL to the corresponding processing code, which usually contains HTTP methods, URIs, and actions (closures or controller methods). 1. Basic structure of route definition: bind requests using Route::verb('/uri',action); 2. Supports multiple HTTP verbs such as GET, POST, PUT, etc.; 3. Dynamic parameters can be defined through {param} and data can be passed; 4. Routes can be named to generate URLs or redirects; 5. Use grouping functions to uniformly add prefixes, middleware and other sharing settings; 6. Routing files are divided into web.php, ap according to their purpose
How do I run seeders in Laravel? (php artisan db:seed)
Jun 12, 2025 pm 06:01 PM
Thephpartisandb:seedcommandinLaravelisusedtopopulatethedatabasewithtestordefaultdata.1.Itexecutestherun()methodinseederclasseslocatedin/database/seeders.2.Developerscanrunallseeders,aspecificseederusing--class,ortruncatetablesbeforeseedingwith--trunc
What is the purpose of the artisan command-line tool in Laravel?
Jun 13, 2025 am 11:17 AM
Artisan is a command line tool of Laravel to improve development efficiency. Its core functions include: 1. Generate code structures, such as controllers, models, etc., and automatically create files through make: controller and other commands; 2. Manage database migration and fill, use migrate to run migration, and db:seed to fill data; 3. Support custom commands, such as make:command creation command class to implement business logic encapsulation; 4. Provide debugging and environment management functions, such as key:generate to generate keys, and serve to start the development server. Proficiency in using Artisan can significantly improve Laravel development efficiency.
