Handler.php第107行中的HttpException:此操作未经授权

时间:2016-07-24 08:28:10

标签: laravel-5 policy authorize

我正在学习Laravel 5.我已经完成了文档的Quickstart - intermediate。我想将Task的操作的授权检查应用于用户。我想检查目标用户是否是当前登录用户,以便使用用户的编辑操作。但是,当我尝试访问http://myfirst.app/users/2/edit时,浏览器会一直告诉我:

FatalThrowableError in UsersPolicy.php line 20:
Type error: Argument 1 passed to App\Policies\UsersPolicy::edit() must be an instance of Illuminate\Http\Request, instance of App\User given

routes.php文件

Route::get('/users/{user}', 'UsersController@view');
Route::get('/users/{user}/edit', 'UsersController@edit');
Route::patch('/users/{user}', 'UsersController@update');

AuthServiceProvider.php 

protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    'App\Task' => 'App\Policies\TaskPolicy',
    'App\User' => 'App\Policies\UsersPolicy',
];

UsersPolicy.php 

namespace App\Policies;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Auth\Access\HandlesAuthorization;

class UsersPolicy
{
    use HandlesAuthorization;

    public function edit(Request  $request, User $user)
    {
        return $request->user()->id === $user->id;
    }

    public function update(Request  $request, User $user)
    {
        return $request->user()->id === $user->id;
    }
}

UsersController.php 

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

class UsersController extends Controller
{

    protected $user;

    public function __construct() {
        $this->middleware('auth');
    }

    public function view(Request $request, User $user)
    {    
        if($request->user()->id == $user->id){
            return view('users.view', ['user' => $user]);
        }
        return redirect('/tasks');
    }

    public function edit(Request $request, User $user)
    {
        $this->authorize('edit', $user);
        return view('users.edit', compact('user'));
    }

    public function update(Request $request, User $user)
    {
        $this->authorize('update', $user);        
        $user->update($request->all());    
        return redirect('/users/'.$user->id);
    }
}

Document's TaskController的删除函数中,$user未传递到$this->authorized('destroy', $task)以允许TaskPolicy的destroy函数使用$user

TaskController.php 

public function destroy(Task $task)
{
    $this->authorize('destroy', $task);
    $task->delete();
    return redirect('/tasks');

}

TaskPolicy.php 

public function destroy(User $user, Task $task)
{
    return $user->id === $task->user_id;
}

无论如何,我遵循异常并向UsersController的edit函数的参数

添加了$ request 
$this->authorize('edit', $request, $user);

我得到了

HttpException in Handler.php line 107:
This action is unauthorized.

我该怎么办?

3 个答案:

答案 0 :(得分:2)

在您的请求文件集

  public function authorize()
{
    return true;
}

答案 1 :(得分:0)

试试这个:在UsersPolicy.php中添加:

enter code here/**
 * @var User
 */
protected $user;

/**
 * Create a new policy instance.
 *
 * @param User $user
 */
public function __construct(User $user)
{
    $this->user = $user;
}

在您的UsersController.php中,将$this->authorize('edit', $user);更改为$this->authorize('edit');

希望有所帮助

答案 2 :(得分:0)

根据documentation:"当没有经过身份验证的用户时,Gate会自动为所有异能返回false"。因此,在进行任何授权之前,请检查Auth :: user()是否返回当前经过身份验证的用户。

相关问题
最新问题