Laravel指数政策

时间:2017-04-02 21:20:25

标签: php authorization laravel-5.4

我使用Laravel 5.4,我正在尝试为索引视图编写策略。我正在尝试使用Method Without a Model,我收到以下错误:

  

Handler.php第133行中的HttpException:

     

此操作未经授权。

这是我的控制器:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\County;
use Session;
use App\Http\Controllers\Controller;

class CountyController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth');
    }

    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $counties = County::orderBy('id', 'desc')->paginate(5);
        $this->authorize('index');

        return view('county.index', array(
                'counties' => $counties
            ));
    }

这是我的AuthServicePovider:

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use App\Role;
use App\County;

use App\Policies\CountyPolicy;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        County::class => CountyPolicy::class,
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Gate::define('is-Admin', function ($user) {
            if($user->roles()->where('name','Admin')->first()){
                return true;
            }
            return false;
        });
    }
}

这是我的政策:

<?php

namespace App\Policies;

use App\User;
use App\Role;
use App\County;
use Illuminate\Auth\Access\HandlesAuthorization;

class CountyPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view the county.
     *
     * @param  \App\User  $user
     * @param  \App\County  $county
     * @return mixed
     */
    public function index(User $user)
    {
        $userRoles = $user->getRoleNames();
        $acceptedRoles = ['Sudo','Admin'];
        $testArr = array_intersect($acceptedRoles, $userRoles);

        dd($testArr);

        if(!empty($testArr)){
            return true;
        }
        return false;
        //
    }

    /**
     * Determine whether the user can view the county.
     *
     * @param  \App\User  $user
     * @param  \App\County  $county
     * @return mixed
     */
    public function view(User $user, County $county)
    {
        $userRoles = $user->getRoleNames();
        $acceptedRoles = ['Sudo','Admin','Client'];
        $testArr = array_intersect($acceptedRoles, $userRoles);

        if(!empty($testArr)){
            return true;
        }
        return false;
        //
    }

    /**
     * Determine whether the user can create counties.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        //
    }

    /**
     * Determine whether the user can update the county.
     *
     * @param  \App\User  $user
     * @param  \App\County  $county
     * @return mixed
     */
    public function update(User $user, County $county)
    {
        //
    }

    /**
     * Determine whether the user can delete the county.
     *
     * @param  \App\User  $user
     * @param  \App\County  $county
     * @return mixed
     */
    public function delete(User $user, County $county)
    {
        //
    }
}

我从未在索引策略中获得dd($ testArr)。此外,观点政策也非常有效。

如何为索引视图编写策略?

1 个答案:

答案 0 :(得分:5)

保持一切不变但改变:

$this->authorize('index');

$this->authorize('index', County::class);

修复了问题。显然,模型类需要传递给不需要模型的动作。这仅在Laravel的docs的中间件部分描述,而不是控制器助手......有点令人困惑。