无法在Laravel 5.3中使用策略

时间:2016-09-10 15:08:32

标签: php laravel laravel-5 authorization policy

我一直在关注Laravel授权文档,试图通过使用策略构建“允许用户执行此操作”功能,但我无法使其工作。我不断获得This action is unauthorized,我也试过了路由中间件。

PagePolicy.php

namespace App\Policies;

use App\Models\User;
use App\Models\Page;

use Illuminate\Auth\Access\HandlesAuthorization;

class PagePolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view the page.
     *
     * @param  App\Models\User  $user
     * @param  App\Models\Page  $page
     * @return mixed
     */
    public function view(User $user, Page $page)
    {
        return $user->id === $page->user_id;
    }

    /**
     * Determine whether the user can create pages.
     *
     * @param  App\Models\User  $user
     * @return mixed
     */
    public function create(User $user)
    {

    }

    /**
     * Determine whether the user can update the page.
     *
     * @param  App\Models\User  $user
     * @param  App\Models\Page  $page
     * @return mixed
     */
    public function update(User $user, Page $page)
    {
        //
    }

    /**
     * Determine whether the user can delete the page.
     *
     * @param  App\Models\User  $user
     * @param  App\Models\Page  $page
     * @return mixed
     */
    public function delete(User $user, Page $page)
    {
        //
    }
}

PageController.php

namespace App\Http\Controllers;

use Auth;
use Carbon\Carbon;

use App\Models\Page;

use App\Http\Requests\PageRequest;

class PageController extends ApiController
{
    public function createNewPage(PageRequest $request)
    {
        $this->authorize('create', Page::class);

        $request->merge([
            'user_id' => Auth::id(),
            'published_at' => Carbon::now(),
        ]);

        if (Page::create($request->all())) {
            return response()->json('success', 201);
        }

        return response()->json('error', 500);
    }

}

AuthServiceProvidor.php

namespace App\Providers;

use App\Models\Page;
use App\Policies\PagePolicy;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        Page::class => PagePolicy::class,
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        //
    }
}

4 个答案:

答案 0 :(得分:3)

我设法搞清楚了。我没有使用Route Model Binding。因此,我在页面调用后添加了authorize()并使用了$page变量而不是Page::class

public function update(PageUpdateRequest $request, $pageSlug)
{
    $page = Page::where(['user_id' => Auth::id(), 'slug' => $pageSlug])->first();
    $this->authorize('update', $page);
    $page->update($request->all());
    return fractal()->item($page, new PageTransformer())->toArray();
}

答案 1 :(得分:1)

我并不完全清楚您尝试授权的操作,因为您已经提供了在控制器中创建的调用,但仅提供了用于查看页面的策略检查。话虽如此,我确定var_dump / dd你尝试进行类型比较的值,以验证它们是否属于同一类型。如果显式转换了任何内容,则可能会导致将某些整数作为字符串返回的某些数据库驱动程序出现问题。

答案 2 :(得分:0)

我认为问题不在您的政策中,而在您的PageRequest课程中。确保authorize()班级中的App\Http\Requests\PageRequest方法返回true

class PageRequest extends FormRequest
{
    /**
    * Determine if the user is authorized to make this request.
    *
    * @return bool
    */
    public function authorize()
    {
        return true; // you can also check the authorization using PagePolicy here
    }
}

答案 3 :(得分:-1)

当前代码:

protected $policies = [
    Task::class => TaskPolicy::class,
];

解决方案代码:

protected $policies = [
    'App\Task' => 'App\Policies\TaskPolicy',
];

我在Laravel网站上关注Intermediate Task List Tutorial时遇到了同样的问题。

解决方案实际上存在于Github code for this tutorial

相关问题
最新问题