Question

我使用Laravel 5.4，我正在尝试为索引视图编写策略。我正在尝试使用Method Without a Model，我收到以下错误：

Handler.php第133行中的HttpException：

此操作未经授权。

这是我的控制器：

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\County;
use Session;
use App\Http\Controllers\Controller;

class CountyController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth');
    }

    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $counties = County::orderBy('id', 'desc')->paginate(5);
        $this->authorize('index');

        return view('county.index', array(
                'counties' => $counties
            ));
    }

这是我的AuthServicePovider：

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use App\Role;
use App\County;

use App\Policies\CountyPolicy;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        County::class => CountyPolicy::class,
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Gate::define('is-Admin', function ($user) {
            if($user->roles()->where('name','Admin')->first()){
                return true;
            }
            return false;
        });
    }
}

这是我的政策：

<?php

namespace App\Policies;

use App\User;
use App\Role;
use App\County;
use Illuminate\Auth\Access\HandlesAuthorization;

class CountyPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view the county.
     *
     * @param  \App\User  $user
     * @param  \App\County  $county
     * @return mixed
     */
    public function index(User $user)
    {
        $userRoles = $user->getRoleNames();
        $acceptedRoles = ['Sudo','Admin'];
        $testArr = array_intersect($acceptedRoles, $userRoles);

        dd($testArr);

        if(!empty($testArr)){
            return true;
        }
        return false;
        //
    }

    /**
     * Determine whether the user can view the county.
     *
     * @param  \App\User  $user
     * @param  \App\County  $county
     * @return mixed
     */
    public function view(User $user, County $county)
    {
        $userRoles = $user->getRoleNames();
        $acceptedRoles = ['Sudo','Admin','Client'];
        $testArr = array_intersect($acceptedRoles, $userRoles);

        if(!empty($testArr)){
            return true;
        }
        return false;
        //
    }

    /**
     * Determine whether the user can create counties.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        //
    }

    /**
     * Determine whether the user can update the county.
     *
     * @param  \App\User  $user
     * @param  \App\County  $county
     * @return mixed
     */
    public function update(User $user, County $county)
    {
        //
    }

    /**
     * Determine whether the user can delete the county.
     *
     * @param  \App\User  $user
     * @param  \App\County  $county
     * @return mixed
     */
    public function delete(User $user, County $county)
    {
        //
    }
}

我从未在索引策略中获得dd（$ testArr）。此外，观点政策也非常有效。

如何为索引视图编写策略？

Answer 1

保持一切不变但改变：

$this->authorize('index');

到

$this->authorize('index', County::class);

修复了问题。显然，模型类需要传递给不需要模型的动作。这仅在Laravel的docs的中间件部分描述，而不是控制器助手......有点令人困惑。

Laravel指数政策

1 个答案: