使用策略的this-> authorize()在store()方法内的laravel控制器中签入

Ram*_*rid 5 php authorize policies laravel entrust

因此,我正在阅读有关使用laravel策略为我的应用程序资源授予权限的信息,但是尽管我遵循了该教程,但似乎还是有问题。

我有一个用户模型,除具有Entrust角色“ Admin”或“ Broker” 的其他用户外,无法通过HTTP请求创建。我了解并成功地将其用于其他操作(例如为用户编制索引)如下:

AuthServiceProvider.php私有$policies数组内部,我用UserPolicy类似的类注册了该User类

class AuthServiceProvider extends ServiceProvider {

    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
        User::class => UserPolicy::class,
        Insured::class => InsuredPolicy::class
    ];

    public function boot(GateContract $gate)
    {
        $this->registerPolicies($gate);
    }
}
Run Code Online (Sandbox Code Playgroud)

定义UserPolicy控制器类:

class UserPolicy {

    use HandlesAuthorization;

    protected $user;

    public function __construct(User $user) {
        $this->user = $user;
    }

    public function index(User $user) {
        $is_authorized = $user->hasRole('Admin');
        return $is_authorized;
    }

    public function show(User $user, User $user_res) {

        $is_authorized = ($user->id == $user_res->id);
        return $is_authorized;    
    }

    public function store() {
        $is_authorized = $user->hasRole('Admin');
        return $is_authorized;
    }
}
Run Code Online (Sandbox Code Playgroud)

然后在UserController班级内部,在执行关键操作之前,我会this->authorize()根据用户的权限使用检查来停止或继续

class UserController extends Controller
{

    public function index()
    {
        //temporary authentication here
        $users = User::all();
        $this->authorize('index', User::class);
        return $users;
    }

    public function show($id)
    {
        $user = User::find($id);
        $this->authorize('show', $user);
        return $user;
    }

    public function store(Request $request) {


        $user = new User;
        $user->name = $request->get('name');
        $user->email = $request->get('email');
        $user->password = \Hash::make($request->get('password'));

        $this->authorize('store', User::class);

        $user->save();

        return $user;

    }
}
Run Code Online (Sandbox Code Playgroud)

问题是,$this->authorize()总是在返回异常的存储操作时停止该过程:此操作是未授权的。

我为authorize()的参数尝试了多种变体,但无法使其像索引操作一样工作

Ami*_*pta 5

store()函数中,UserPolicy::class您没有传递 User 模型对象:

public function store(User $user) {
   $is_authorized = $user->hasRole('Admin');
   return true;
}
Run Code Online (Sandbox Code Playgroud)

缺少参数User $user

也许这就是问题的原因。