Laravel授权策略AccessDeniedHttpException此操作是未授权的 [英] Laravel Authorization Policy AccessDeniedHttpException This action is unauthorized
问题描述
我有此设置:-
\ App \ Policies \ ObservationPolicy
\App\Policies\ObservationPolicy
<?php
namespace App\Policies;
use App\Observation;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class ObservationPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function edit(User $user, Observation $observation)
{
return $user->id == $observation->user_id;
}
}
身份验证服务提供商:
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
'App\Observation' => 'App\Policies\ObservationPolicy'
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
//
}
}
当我尝试使用以下语句查看文件时:-
When i tried in view file with this statement :-
@can('edit', $observation)
@endcan
它没有任何问题.
但是当我在Controller中使用时:
But when i used in Controller :
public function edit($id,Observation $observation)
{
$this->authorize('edit', $observation);
return view('mypage');
}
它总是返回错误: AccessDeniedHttpException 此操作是未经授权的
it always return error :- AccessDeniedHttpException This action is unauthorized
我访问的路线是:- 路线:: get('/Observation/{id}/edit','ObservationController @ edit');
The route that i accessed is :- Route::get('/Observation/{id}/edit', 'ObservationController@edit');
推荐答案
好像您在控制器方法中接受了错误的参数.
Looks like you're accepting the wrong parameters in your controller method.
您定义的路线:
Route::get('/Observation/{id}/edit', 'ObservationController@edit');
将沿$id
传递,但我认为Observation $observation
只是在创建observation类的新实例.
之所以发生这种情况是因为Laravel认为您想在控制器方法中使用依赖项注入:
https://laravel.com/docs/5.5/controllers#dependency-注射和控制器
is going to pass along the $id
, but I think the Observation $observation
is just making a new instance of the Observation class.
It's happening because Laravel thinks you want to use dependency injection in your controller method:
https://laravel.com/docs/5.5/controllers#dependency-injection-and-controllers
public function edit($id, Observation $observation):
相反在您的路线中尝试以下操作:
Instead try this in your route:
Route::get('/Observation/{observation}/edit', 'ObservationController@edit');
,并将其作为您的方法参数:
and this as your method parameters:
public function edit(Observation $observation):
在这里,我们使用内置功能来进行路由模型绑定:
https://laravel.com/docs/5.5/routing#route-model-绑定
如果您不想依靠这种魔力,则必须手动在控制器方法中找到实际的观察值,例如$observation = Observation::findOrFail($id);
Here we use the build-in feature to do route model binding:
https://laravel.com/docs/5.5/routing#route-model-binding
If you don't want to rely on that magic, you would have to find the actual observation inside your controller method manually, for example $observation = Observation::findOrFail($id);
这篇关于Laravel授权策略AccessDeniedHttpException此操作是未授权的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!