mtb_dcatadmin_album/app/Http/Middleware/DistAuth.php

<?php

namespace App\Http\Middleware;
use Closure;
use Dcat\Admin\Admin;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class DistAuth
{
    private  $excludeList = [
        '/auth/users',
        '/auth/roles',
        '/auth/permissions',
        '/auth/menu',
        '/auth/extensions',
        '/helpers/scaffold',
        '/helpers/icons',
    ];

    public function handle($request, Closure $next)
    {
        //如果用户非管理员角色，判断是否含以上URL，含有则触发404
        foreach ($this->excludeList as $item) {
            if (strpos($request->url(), $item) !== false) {
                if (!Admin::user()->isAdministrator()) {
                    throw new NotFoundHttpException; // 触发404
                }
            }
        }

        //否则继续处理当前请求
        return $next($request);

    }

}