https://laracasts.com/discuss/channels/laravel/how-to-apply-policy-to-a-resource-controller?page=1
How to apply policy to a resource controller?
Hello. I have a basic resource controller, and placing $this->authorize in every method isn't very good, I think (maybe I am wrong). Also I have some custom methods (upload, develop) and I'd like to apply the policy to those too. I found this method: $this->authorizeResource, but it always shows me "This action is unauthorized.". My model name is snake-cased (EmailList). Also my resource controller methods don't require a model instance. Here is what I mean:
public function show($id) //--- As you see, no model instance here
{
    $list = EmailList::find($id);
    //$this->authorize('view', $list); //--- This works perfectly, by the way..
    return view('dispatch.lists.exact')->with('list', $list);
}
Awaiting your reply, thanks in advance!
Level 50
Why can you not typehint the model? If you have a resource route with a hyphen, then the wildcard parameter will be snake_case
...
...and in the controller, you can use camelCase for the typehinted variable name:
public function show(EmailList $emailList)
{
    return view('dispatch.lists.exact')->with('list', $emailList);
}
Level 50
@Void If you’re extending the base controller in Laravel, then you can use the authorizeResource() method:
class ArticleController extends Controller
{
    public function __construct()
    {
        $this->authorizeResource(Article::class);
    }

    public function index()
    {
        //
    }

    public function create()
    {
        // Will call ArticlePolicy::create()
    }

    public function store()
    {
        // Will call ArticlePolicy::create()
    }

    public function show()
    {
        // Will call ArticlePolicy::view()
    }

    public function edit()
    {
        // Will call ArticlePolicy::update()
    }

    public function update()
    {
        // Will call ArticlePolicy::update()
    }

    public function destroy()
    {
        // Will call ArticlePolicy::delete()
    }
}
Level 50
@martinbean nice!
Level 1
Well, I did some changes to the code:
class EmailListsController extends Controller
{
    public function __construct()
    {
        $this->authorizeResource(EmailList::class);
    }
    ....
    public function show(EmailList $list)
    {
        return view('dispatch.lists.exact')->with('list', $list);
    }
    ....
}
But it always returns "This action is unauthorized.". Here is my view method in EmailListPolicy file:
....
public function view(User $user, EmailList $list)
{
    return $user->id === $list->user_id;
}
....
And my route:
Route::resource('lists', 'Dispatch\EmailListsController');
What's wrong?
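An added example, not part of any post in this thread: authorizeResource() accepts an optional second argument naming the route parameter, and when it is omitted the name is derived from the class (email_list for EmailList), while Route::resource('lists', ...) names its wildcard {list}; with that mismatch the policy check has no bound model to receive and the request is denied. The sketch passes the name explicitly and extends the ability map to cover the upload and develop actions. The namespaces, the custom routes, the policy methods upload/develop, and a Laravel release whose base controller exposes resourceAbilityMap() are assumptions.

```php
<?php
// Added example, not code from the thread. Namespaces, the custom routes and
// the policy abilities "upload"/"develop" are assumptions for illustration.

namespace App\Http\Controllers\Dispatch;

use App\EmailList;
use App\Http\Controllers\Controller;

class EmailListsController extends Controller
{
    public function __construct()
    {
        // Route::resource('lists', ...) names its wildcard {list}, but the
        // default parameter derived from EmailList::class is "email_list".
        // Passing the real name lets the can: middleware find the bound model.
        $this->authorizeResource(EmailList::class, 'list');
    }

    // Extend the method => ability map so the custom actions are covered too.
    protected function resourceAbilityMap()
    {
        return array_merge(parent::resourceAbilityMap(), [
            'upload'  => 'upload',   // calls EmailListPolicy::upload($user, $list)
            'develop' => 'develop',  // calls EmailListPolicy::develop($user, $list)
        ]);
    }

    public function show(EmailList $list)
    {
        return view('dispatch.lists.exact')->with('list', $list);
    }

    public function upload(EmailList $list)
    {
        // Reached only if EmailListPolicy::upload() returned true.
    }

    public function develop(EmailList $list)
    {
        // Reached only if EmailListPolicy::develop() returned true.
    }
}

// routes/web.php (hypothetical custom routes; they must use the same {list} wildcard):
// Route::resource('lists', 'Dispatch\EmailListsController');
// Route::post('lists/{list}/upload', 'Dispatch\EmailListsController@upload');
// Route::post('lists/{list}/develop', 'Dispatch\EmailListsController@develop');
```

If the request is still denied with the parameter name corrected, check that EmailListPolicy is registered for EmailList in AuthServiceProvider, as the next reply asks.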
Level 1
Do you register your policy in AuthServiceProvider?
Level 50
@ehsanhoushmand Did you see the last reply was four months ago?