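'Authorize only' specific routes of a resource

Time: 2017-06-13 14:14:37

Tags: php laravel authorization

The authorizeResource() method applies a specific policy to all routes (except the index route). Is there a way to apply the policy only on specific routes, similar to this feature: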

Route::resource('photo', 'PhotoController', ['only' => [
    'index', 'show'
]]);

3 answers:

Answer 0: (score: 1)

You can actually define the middleware in the controller:

class PhotoController extends Controller {
    public function __construct() {
         $this->middleware("can:save,photo")->only(["save","edit"]);   //You get the idea
    }
}

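This assumes you have written the correct policies (check https://laravel.com/docs/5.4/authorization).

Answer 1: (score: 1)

Yes, authorizeResource accepts an $options array as a third parameter. Just pass null as the second parameter; the syntax of the options is the same as for route middleware.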

public function __construct()
{
    $this->authorizeResource(Photo::class, null, [
        'only' => ['create', 'store'],
    ]);
}

Answer 2: (score: 1)

Despite what @JeffPucket pointed out in his answer, the only option did not work for me. I am running Laravel 5.5, and what worked was the inverse logic:

public function __construct()
{
    $this->authorizeResource(Photo::class, null, [
        'except' => [ 'index', 'show' ],
    ]);
}

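Note that you should pass to that option the actions (controller methods) that you want the policy applied to. In this case, index and show will bypass the authorization middleware.

Just for comparison, here are the results of php artisan route:list when using each option:

only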

+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method    | URI                    | Name            | Action                                         | Middleware                                       |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
|        | POST      | comment                | comment.store   | App\Http\Controllers\CommentController@store   | web,auth,can:create,App\Http\Controllers\Comment |
|        | GET|HEAD  | comment                | comment.index   | App\Http\Controllers\CommentController@index   | web,auth,can:view,App\Http\Controllers\Comment   |
|        | GET|HEAD  | comment/create         | comment.create  | App\Http\Controllers\CommentController@create  | web,auth,can:create,App\Http\Controllers\Comment |
|        | GET|HEAD  | comment/{comment}      | comment.show    | App\Http\Controllers\CommentController@show    | web,auth,can:view,comment                        |
|        | PUT|PATCH | comment/{comment}      | comment.update  | App\Http\Controllers\CommentController@update  | web,auth,can:update,comment                      |
|        | DELETE    | comment/{comment}      | comment.destroy | App\Http\Controllers\CommentController@destroy | web,auth,can:delete,comment                      |
|        | GET|HEAD  | comment/{comment}/edit | comment.edit    | App\Http\Controllers\CommentController@edit    | web,auth,can:update,comment                      |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+

except

+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method    | URI                    | Name            | Action                                         | Middleware                                       |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
|        | POST      | comment                | comment.store   | App\Http\Controllers\CommentController@store   | web,auth,can:create,App\Http\Controllers\Comment |
|        | GET|HEAD  | comment                | comment.index   | App\Http\Controllers\CommentController@index   | web,auth                                         |
|        | GET|HEAD  | comment/create         | comment.create  | App\Http\Controllers\CommentController@create  | web,auth,can:create,App\Http\Controllers\Comment |
|        | GET|HEAD  | comment/{comment}      | comment.show    | App\Http\Controllers\CommentController@show    | web,auth                                         |
|        | PUT|PATCH | comment/{comment}      | comment.update  | App\Http\Controllers\CommentController@update  | web,auth,can:update,comment                      |
|        | DELETE    | comment/{comment}      | comment.destroy | App\Http\Controllers\CommentController@destroy | web,auth,can:delete,comment                      |
|        | GET|HEAD  | comment/{comment}/edit | comment.edit    | App\Http\Controllers\CommentController@edit    | web,auth,can:update,comment                      |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+

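As shown above, the middleware is applied only to specific routes when except is used.

Maybe this is a bug in the framework. But it is hard to confirm, since this option does not seem to be documented. Even details about the authorizeResource() method do not exist.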
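
An added example, not part of any answer above and not Laravel's own code: a standalone PHP script that parses php artisan route:list output and reports routes that carry no can: middleware or an unexpected ability, so a change to the only/except options can be checked before it ships. The sample rows are taken from the except table above; $expectedAbility and $allowOpen are names assumed for this illustration.

```php
<?php
// Constructed input: rows from the "except" route:list table above, padding trimmed.
$routeListOutput = <<<'TXT'
| Domain | Method | URI | Name | Action | Middleware |
|  | POST | comment | comment.store | App\Http\Controllers\CommentController@store | web,auth,can:create,App\Http\Controllers\Comment |
|  | GET|HEAD | comment | comment.index | App\Http\Controllers\CommentController@index | web,auth |
|  | GET|HEAD | comment/{comment} | comment.show | App\Http\Controllers\CommentController@show | web,auth |
|  | PUT|PATCH | comment/{comment} | comment.update | App\Http\Controllers\CommentController@update | web,auth,can:update,comment |
|  | DELETE | comment/{comment} | comment.destroy | App\Http\Controllers\CommentController@destroy | web,auth,can:delete,comment |
TXT;

// Assumption: expected ability per controller method, read off the tables above.
$expectedAbility = ['store' => 'create', 'create' => 'create', 'show' => 'view',
    'update' => 'update', 'edit' => 'update', 'destroy' => 'delete'];

/** Parse route:list table text into name/action/middleware rows. */
function parseRouteList(string $text): array
{
    $rows = [];
    foreach (preg_split('/\R/', trim($text)) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] !== '|') {
            continue; // "+----+" border or blank line
        }
        // Split on " | " so the "|" inside "GET|HEAD" is not treated as a separator.
        $cells = array_map('trim', preg_split('/\s\|\s/', trim($line, '|')));
        if (count($cells) !== 6 || $cells[1] === 'Method') {
            continue; // header or malformed row
        }
        $rows[] = ['name' => $cells[3], 'action' => $cells[4], 'middleware' => $cells[5]];
    }
    return $rows;
}

/** List routes whose can: middleware is missing (and not allow-listed) or unexpected. */
function auditRoutes(array $rows, array $expected, array $allowOpen = []): array
{
    $findings = [];
    foreach ($rows as $row) {
        $method = substr((string) strrchr($row['action'], '@'), 1);
        $want = $expected[$method] ?? null;
        if (!preg_match('/(?:^|,)can:([^,]+)/', $row['middleware'], $m)) {
            if (!in_array($row['name'], $allowOpen, true)) {
                $findings[] = "{$row['name']}: no can: middleware";
            }
        } elseif ($want !== null && $want !== $m[1]) {
            $findings[] = "{$row['name']}: can:{$m[1]}, expected can:{$want}";
        }
    }
    return $findings;
}

echo implode(PHP_EOL, auditRoutes(parseRouteList($routeListOutput), $expectedAbility)), PHP_EOL;
```

Passing the route names that are meant to stay open as the third argument to auditRoutes() silences them, so any other route that loses its can: middleware still shows up as a finding.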
