在 store() 方法内的 Laravel 控制器中使用策略的 this->authorize() 检查
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/40319065/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using a policy's this->authorize() check in a laravel controller inside a store() method
提问by Ramy Farid
So I was reading about using laravel policies for granting authorities on the resources of my application but there seems to be a problem there though I followed the tutorial.
因此,我正在阅读有关使用 Laravel 策略授予对我的应用程序资源的权限的信息,但尽管我遵循了教程,但似乎存在问题。
I have a user model which can't be created via HTTP requests except by other users who have the Entrustrole of 'Admin' or 'Broker'. What I understood and succeeded to make it work on other actions like indexing users was the following:
我有一个不能通过 HTTP 请求创建的用户模型,除了具有“管理员”或“经纪人”委托角色的其他用户。我理解并成功使其适用于索引用户等其他操作的内容如下:
Inside the AuthServiceProvider.phpinside the private $policiesarray, I registered that User class with the UserPolicyclass like that
在AuthServiceProvider.php私有$policies数组内部,我用这样的UserPolicy类注册了那个 User 类
class AuthServiceProvider extends ServiceProvider {
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
User::class => UserPolicy::class,
Insured::class => InsuredPolicy::class
];
public function boot(GateContract $gate)
{
$this->registerPolicies($gate);
}
}
Define the UserPolicy controller class:
定义 UserPolicy 控制器类:
class UserPolicy {
use HandlesAuthorization;
protected $user;
public function __construct(User $user) {
$this->user = $user;
}
public function index(User $user) {
$is_authorized = $user->hasRole('Admin');
return $is_authorized;
}
public function show(User $user, User $user_res) {
$is_authorized = ($user->id == $user_res->id);
return $is_authorized;
}
public function store() {
$is_authorized = $user->hasRole('Admin');
return $is_authorized;
}
}
Then inside the UserControllerclass, before performing the critical action I use this->authorize()check to halt or proceed depending on the privilege of the user
然后在UserController班级内部,在执行关键操作之前,我this->authorize()根据用户的权限使用检查停止或继续
class UserController extends Controller
{
public function index()
{
//temporary authentication here
$users = User::all();
$this->authorize('index', User::class);
return $users;
}
public function show($id)
{
$user = User::find($id);
$this->authorize('show', $user);
return $user;
}
public function store(Request $request) {
$user = new User;
$user->name = $request->get('name');
$user->email = $request->get('email');
$user->password = \Hash::make($request->get('password'));
$this->authorize('store', User::class);
$user->save();
return $user;
}
}
The problemis that $this->authorize()always halts the process on the store action returning exception: This action is unauthorized.
问题是$this->authorize()总是在存储操作返回异常时停止进程:此操作未经授权。
I tried multiple variations for arguments of the authorize() and can't get it to work like the index action
我为 authorize() 的参数尝试了多种变体,但无法像索引操作一样工作
采纳答案by Amit Gupta
In store()function of UserPolicy::classyou are not passing the User model object:
在store()函数中,UserPolicy::class您没有传递 User 模型对象:
public function store(User $user) {
$is_authorized = $user->hasRole('Admin');
return true;
}
missing argument User $user.
缺少参数User $user。
Maybe this is the cause of the problem.
也许这就是问题的原因。
