axios 帖子上的 403（禁止）。拉拉维尔 5.7

Question

我试图在 vuejs 组件上使用 axios 执行发布请求，但它抛出错误403 forbidden。这是我的 post 请求的 javascript 代码：

\n\n

createMessage() {\n            axios.post('/mensajes/guardar', {\n                subject: this.subject,\n                username: this.username,\n                content: this.editorContent\n            })\n            .then((res) => {\n                this.formProcessed = true\n                this.swalMixin('success', '\xc2\xa1Mensaje enviado!')\n                setTimeout(() => { window.location = '/mensajes' }, 3000)\n            })\n            .catch((err) => {\n                let errors = err.response.data.errors\n                let firstError = Object.keys(errors)[0]\n                let message = errors[firstError][0]\n                this.swalMixin('error', message)\n            })\n        }\n

\n\n

处理它的控制器的功能：

\n\n

public function store(MessageStoreRequest $request)\n    {\n        $recipient = User::where('username', $request->username)->firstOrFail();\n\n        $message = Message::create([\n            'sender_id' => Auth::id(),\n            'recipient_id' => $recipient->id,\n            'subject' => $request->title,\n            'content' => $request->content,\n        ]);\n\n        return response()->json([\n            'message' => 'success'\n        ], 200);\n    }\n

\n\n

我的消息模型路由组：

\n\n

Route::prefix('mensajes')->middleware(['auth', 'verified'])->group(function () {\n    Route::get('/', 'MessageController@index')->name('message.index');\n    Route::get('/ver/{id}', 'MessageController@show')->name('message.show');\n    Route::get('/crear', 'MessageController@create')->name('message.create')->middleware('can:create,App\\Message');\n    Route::post('/guardar', 'MessageController@store')->name('message.store')->middleware('can:create,App\\Message');\n});\n

\n\n

我创建了一个自定义请求来处理验证：

\n\n

<?php\n\nnamespace App\\Http\\Requests;\n\nuse Illuminate\\Foundation\\Http\\FormRequest;\n\nclass MessageStoreRequest extends FormRequest\n{\n    /**\n     * Determine if the user is authorized to make this request.\n     *\n     * @return bool\n     */\n    public function authorize()\n    {\n        return false;\n    }\n\n    /**\n     * Get the validation rules that apply to the request.\n     *\n     * @return array\n     */\n    public function rules()\n    {\n        return [\n            'subject' => 'required|min:12',\n            'username' => 'required|',\n            'content' => 'required|min:37'\n        ];\n    }\n\n    /**\n     *  Custom message for validation\n     *\n     * @return array\n     */\n    public function messages()\n    {\n        return [\n            'subject.required' => 'El asunto es obligatorio.',\n            'subject.min' => 'El asunto debe contener al menos 10 caracteres.',\n            'username.required' => 'El destinatario es obligatorio.',\n            'content.required' => 'El contenido del mensaje no puede estar vac\xc3\xado.',\n            'content.min' => 'El contenido del mensaje debe ser de al menos 30 caracteres.'\n        ];\n    }\n\n    /**\n     *  Filters to be applied to the input.\n     *\n     * @return array\n     */\n    public function filters()\n    {\n        return [\n            'subject' => 'trim',\n            'username' => 'trim',\n            'content' => 'trim'\n        ];\n    }\n}\n

\n\n

消息模型有这样的策略：

\n\n

/**\n     * Determine whether the user can create messages.\n     *\n     * @param  \\App\\User  $user\n     * @return mixed\n     */\n    public function create(User $user)\n    {\n        return $user->hasAccess(['create-message']);\n    }\n

\n\n

我找不到问题所在。我一直在与其他模型进行类似的工作，这是第一个抛出此错误的模型。

\n

Answer 1

authorize()让我们将您的自定义请求中的函数更改return true为return false.

该功能用于根据权限允许或禁止访问。