如何在Laravel 5.3中执行授权策略? [英] How can I do Authorization Policies in Laravel 5.3?
问题描述
我在这里阅读: https://laravel.com/docs/5.3/authorization #writing-policies
我试图喜欢这个
我的收藏夹政策是这样的:
My FavoritePolicy is like this :
<?php
namespace App\Policies;
use App\User;
use App\Models\Favorite;
use Illuminate\Auth\Access\HandlesAuthorization;
class FavoritePolicy
{
use HandlesAuthorization;
public function view(User $user, Favorite $favorite)
{
return $user->id === $favorite->user_id;
}
}
我的FavoriteController是这样的:
My FavoriteController is like this :
<?php
use App\Models\Favorite;
...
class FavoriteController extends ApiController
{
...
public function index(Favorite $favorite)
{
$this->authorize('view', $favorite);
return view('profile.favorite');
}
}
我的AuthServiceProvider是这样的:
My AuthServiceProvider is like this :
<?php
namespace App\Providers;
use App\Models\Favorite;
use App\Policies\FavoritePolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
Favorite::class => FavoritePolicy::class,
];
public function boot()
{
$this->registerPolicies();
}
}
当我运行系统以显示收藏夹列表时,会出现如下错误:
When I run my system to display favorite listing, there exist error like this :
哇,看起来好像出了点问题.
Whoops, looks like something went wrong.
1/1 HttpException:此操作是 未经授权.
1/1 HttpException in Handler.php line 115: This action is unauthorized.
什么是正确的授权策略实施?
What the implementation of Authorization Policies is correct?
我在视图方法(FavoritePolicy)中尝试dd($user),结果显示正在记录用户数据.是真的
I try dd($user) in view method(FavoritePolicy), the result displays user data is being logged. It's true
但是我尝试dd($favorite),结果不显示当前登录用户的收藏夹数据.尽管我在表上检查,但存在当前登录用户的收藏夹数据
But I try dd($favorite), the result does not display favorite data of the user who is currently logged. Whereas I check on the table, favorite data of the user who is currently logged is exist
我该如何解决这个问题?
How can I solve this problem?
更新
出现dd($favorite)的结果:
Favorite {#498 ▼
#fillable: array:3 [▶]
#connection: null
#table: null
#primaryKey: "id"
#keyType: "int"
#perPage: 15
+incrementing: true
+timestamps: true
#attributes: []
#original: []
#relations: []
#hidden: []
#visible: []
#appends: []
#guarded: array:1 [▼
0 => "*"
]
#dates: []
#dateFormat: null
#casts: []
#touches: []
#observables: []
#with: []
+exists: false
+wasRecentlyCreated: false
}
推荐答案
感谢您提供更新中的其他信息!
Thanks for the additional info in your update!
因此,您只想显示一个特定Favorite实体的详细信息页面,但前提是用户是该实体的所有者?
So, you want to show the detail page of one specific Favorite entity, but only if the user is the owner of this entity?
首先是一个较小的问题":通常在Laravel中,显示特定实体详细信息的控制器方法称为show,而不是index. index是显示实体列表(在您的示例中:收藏夹列表)的方法的名称.
Firstly a minor "issue": usually in Laravel the controller method that shows details of a specific entity is called show, not index. index is the name for methods that show a list of entities (in your example: a list of favorites).
关于您的问题:
您的策略检查当前登录的用户是否可以查看空的$favorite(请参阅更新后的dd($favorite)输出).也就是说,您的index方法中也未设置$favorite.
Regarding your problem:
Your policy checks if the currently logged in user can view an empty $favorite (see the dd($favorite) output in your post update). Which means, that $favorite is also not set in your index method.
我想,您定义的路由与此类似:
I guess, you have a route defined similar to this:
Route::get('favorite/{id}', 'FavoriteController@index');
这意味着,将id的值作为参数而不是Favorite实体注入到您的index方法中.要查询Favorite实体,您需要在方法中进行操作.
This means, that the value of id is injected into your index method as a parameter, but not a Favorite entity. To query for the Favorite entity is something you need to do in the method.
因此,您的方法应该更像这样:
So, your method should more look like this:
public function index($favoriteId)
{
$favorite = Favorite::findOrFail($favoriteId);
$this->authorize('view', $favorite);
return view('profile.favorite')->with('favorite', $favorite);
}
希望有帮助!如果没有,请添加评论!
Hope that helps! If not, please add a comment!
这篇关于如何在Laravel 5.3中执行授权策略?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
