当前位置:theitroad>无法在 Laravel 5.3 中使用策略

无法在 Laravel 5.3 中使用策略

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/39427393/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-14 14:26:57  来源:igfitidea点击:

Unable to get Policies working in Laravel 5.3

phplaravellaravel-5authorizationpolicy

提问by Hyman Barham

I've been following the Laravel Authorization docs trying to build "is the user allowed to do this" functionality by using Policies, but I can't get it to work. I keep getting This action is unauthorizedand I've tried with route middleware too.

我一直在关注 Laravel 授权文档,试图通过使用策略来构建“用户是否允许这样做”功能,但我无法让它工作。我不断得到This action is unauthorized,我也尝试过使用路由中间件。

PagePolicy.php:

PagePolicy.php

namespace App\Policies;

use App\Models\User;
use App\Models\Page;

use Illuminate\Auth\Access\HandlesAuthorization;

class PagePolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view the page.
     *
     * @param  App\Models\User  $user
     * @param  App\Models\Page  $page
     * @return mixed
     */
    public function view(User $user, Page $page)
    {
        return $user->id === $page->user_id;
    }

    /**
     * Determine whether the user can create pages.
     *
     * @param  App\Models\User  $user
     * @return mixed
     */
    public function create(User $user)
    {

    }

    /**
     * Determine whether the user can update the page.
     *
     * @param  App\Models\User  $user
     * @param  App\Models\Page  $page
     * @return mixed
     */
    public function update(User $user, Page $page)
    {
        //
    }

    /**
     * Determine whether the user can delete the page.
     *
     * @param  App\Models\User  $user
     * @param  App\Models\Page  $page
     * @return mixed
     */
    public function delete(User $user, Page $page)
    {
        //
    }
}

PageController.php:

PageController.php

namespace App\Http\Controllers;

use Auth;
use Carbon\Carbon;

use App\Models\Page;

use App\Http\Requests\PageRequest;

class PageController extends ApiController
{
    public function createNewPage(PageRequest $request)
    {
        $this->authorize('create', Page::class);

        $request->merge([
            'user_id' => Auth::id(),
            'published_at' => Carbon::now(),
        ]);

        if (Page::create($request->all())) {
            return response()->json('success', 201);
        }

        return response()->json('error', 500);
    }

}

AuthServiceProvidor.php:

AuthServiceProvidor.php

namespace App\Providers;

use App\Models\Page;
use App\Policies\PagePolicy;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        Page::class => PagePolicy::class,
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        //
    }
}

回答by Hyman Barham

I managed to figure it out. I wasn't using Route Model Binding. So I added authorize()after the page call and used the $pagevariable instead of Page::class.

我设法弄明白了。我没有使用路由模型绑定。所以我authorize()在页面调用之后添加并使用了$page变量而不是Page::class.

public function update(PageUpdateRequest $request, $pageSlug)
{
    $page = Page::where(['user_id' => Auth::id(), 'slug' => $pageSlug])->first();
    $this->authorize('update', $page);
    $page->update($request->all());
    return fractal()->item($page, new PageTransformer())->toArray();
}

回答by alaric

It's not totally clear to me which action you're attempting to authorize since you've provided the call to create in the controller but only provided a policy check in place for viewing a page. Having said that, I would be sure to var_dump/dd the values you're attempting to do a type comparison of to verify they're of the same type. If anything's been explicitly cast, it may cause issues with certain database drivers that return integers as strings.

由于您已经在控制器中提供了对创建的调用,但仅提供了用于查看页面的策略检查,因此我并不完全清楚您尝试授权的操作。话虽如此,我一定会 var_dump/dd 您尝试进行类型比较的值,以验证它们的类型相同。如果显式转换了任何内容,则可能会导致某些将整数作为字符串返回的数据库驱动程序出现问题。

回答by bytesandcaffeine

I think the problem is not in your policies, rather in your PageRequestclass. Make sure the authorize()method in your App\Http\Requests\PageRequestclass returns true.

我认为问题不在于你的政策,而在于你的PageRequest班级。确保authorize()您的App\Http\Requests\PageRequest类中的方法返回true.

class PageRequest extends FormRequest
{
    /**
    * Determine if the user is authorized to make this request.
    *
    * @return bool
    */
    public function authorize()
    {
        return true; // you can also check the authorization using PagePolicy here
    }
}

回答by Darren Murphy

Current code:

当前代码:

protected $policies = [
    Task::class => TaskPolicy::class,
];

Solution code:

解决代码:

protected $policies = [
    'App\Task' => 'App\Policies\TaskPolicy',
];

I experienced the same problem, while following the Intermediate Task List Tutorialon the Laravel website.

我在学习 Laravel 网站上的中级任务列表教程时遇到了同样的问题。

The solution is actually present in the Github code for this tutorial.

该解决方案实际上存在于本教程Github 代码中

相关推荐

如何在 Laravel 5 中显示计数数据

如何在 Laravel 5 中显示计数数据

Laravel 5.3+ 中的 Route::controller() 替代方案

Laravel 5.3+ 中的 Route::controller() 替代方案

如何在 Laravel 中使用控制器更新图像?

如何在 Laravel 中使用控制器更新图像?

使用 Supervisor 运行多个 Laravel 队列工作器

使用 Supervisor 运行多个 Laravel 队列工作器

相关推荐
最近更新
标签