Laravel授权策略AccessDeniedHttpException此操作是未授权的 [英] Laravel Authorization Policy AccessDeniedHttpException This action is unauthorized

问题描述

我有此设置:-

\ App \ Policies \ ObservationPolicy

\App\Policies\ObservationPolicy

<?php

namespace App\Policies;

use App\Observation;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class ObservationPolicy
{
    use HandlesAuthorization;

    /**
     * Create a new policy instance.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    public function edit(User $user, Observation $observation)
    {
        return $user->id == $observation->user_id;
    }



}

身份验证服务提供商:

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;


class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
        'App\Observation' => 'App\Policies\ObservationPolicy'
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        //
    }
}

当我尝试使用以下语句查看文件时:-

When i tried in view file with this statement :-

@can('edit', $observation)
@endcan

它没有任何问题.

但是当我在Controller中使用时:

But when i used in Controller :

public function edit($id,Observation $observation)
    {
        $this->authorize('edit', $observation);
        return view('mypage');
    }

它总是返回错误: AccessDeniedHttpException 此操作是未经授权的

it always return error :- AccessDeniedHttpException This action is unauthorized

我访问的路线是:- 路线:: get('/Observation/{id}/edit'，'ObservationController @ edit');

The route that i accessed is :- Route::get('/Observation/{id}/edit', 'ObservationController@edit');

推荐答案

好像您在控制器方法中接受了错误的参数.

Looks like you're accepting the wrong parameters in your controller method.

您定义的路线:

Route::get('/Observation/{id}/edit', 'ObservationController@edit');

将沿$id传递，但我认为Observation $observation只是在创建observation类的新实例. 之所以发生这种情况是因为Laravel认为您想在控制器方法中使用依赖项注入: https://laravel.com/docs/5.5/controllers#dependency-注射和控制器

is going to pass along the $id, but I think the Observation $observation is just making a new instance of the Observation class. It's happening because Laravel thinks you want to use dependency injection in your controller method: https://laravel.com/docs/5.5/controllers#dependency-injection-and-controllers

public function edit($id, Observation $observation):

---

相反在您的路线中尝试以下操作:

---

Instead try this in your route:

Route::get('/Observation/{observation}/edit', 'ObservationController@edit');

，并将其作为您的方法参数:

and this as your method parameters:

public function edit(Observation $observation):

在这里，我们使用内置功能来进行路由模型绑定: https://laravel.com/docs/5.5/routing#route-model-绑定
如果您不想依靠这种魔力，则必须手动在控制器方法中找到实际的观察值，例如$observation = Observation::findOrFail($id);

Here we use the build-in feature to do route model binding: https://laravel.com/docs/5.5/routing#route-model-binding
If you don't want to rely on that magic, you would have to find the actual observation inside your controller method manually, for example $observation = Observation::findOrFail($id);

这篇关于Laravel授权策略AccessDeniedHttpException此操作是未授权的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！