分销商角色不允许访问用户管理模块与帮助工具

app/Distributor/routes.php

@@ -3,7 +3,12 @@
 use Illuminate\Routing\Router;
 use Illuminate\Support\Facades\Route;
 use Dcat\Admin\Admin;
+use App\Http\Middleware\DistAuth;
+use Illuminate\Http\Request;
 
+/**
+ * 原后台框架路由
+ */
 Admin::routes();
 
 Route::group([
@@ -15,3 +20,8 @@ Route::group([
     $router->get('/', 'HomeController@index');
 
 });
+
+
+
+
+

app/Http/Kernel.php

@@ -63,5 +63,6 @@ class Kernel extends HttpKernel
         'signed' => \App\Http\Middleware\ValidateSignature::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+        'distauth' => \App\Http\Middleware\DistAuth::class,
     ];
 }

app/Http/Middleware/DistAuth.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Middleware;
+use Closure;
+use Dcat\Admin\Admin;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+class DistAuth
+{
+    private  $excludeList = [
+        '/auth/users',
+        '/auth/roles',
+        '/auth/permissions',
+        '/auth/menu',
+        '/auth/extensions',
+        '/helpers/scaffold',
+        '/helpers/icons',
+    ];
+
+    public function handle($request, Closure $next)
+    {
+        //如果用户非管理员角色，判断是否含以上URL，含有则触发404
+        foreach ($this->excludeList as $item) {
+            if (strpos($request->url(), $item) !== false) {
+                if (!Admin::user()->isAdministrator()) {
+                    throw new NotFoundHttpException; // 触发404
+                }
+            }
+        }
+
+        //否则继续处理当前请求
+        return $next($request);
+
+    }
+
+}

config/distributor.php

@@ -71,7 +71,7 @@ return [
 
         'namespace' => 'App\\Distributor\\Controllers',
 
-        'middleware' => ['web', 'admin'],
+        'middleware' => ['web', 'admin','distauth'],
     ],
 
     /*