假设我设置了以下警卫,我作为求职者和招聘人员登录。如何检查特定登录用户的授权能力?默认情况下,只会将当前登录的用户传递给策略,但是哪一个?
警卫:
return [
'guards' => [
'jobseeker' => [
'driver' => 'session',
'provider' => 'users',
],
'recruiter' => [
'driver' => 'session',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
],
]
政策:
protected $policies = [
Post::class => PostPolicy::class,
];
行动:
public function update($id)
{
$post = Post::findOrFail($id);
if (Gate::denies('update-post', $post)) {
abort(403);
}
// Update Post...
}
答案 0 :(得分:0)
或许如下:
public function update($id)
{
// get the user to authorize
$user = auth()->guard('recruiter')->user();
$post = Post::findOrFail($id);
// option one
if (Gate::denies('update-post', [$user, $post])) {
abort(403);
}
// option two
if (Gate::forUser($user)->denies('update-post', $post)) {
abort(403);
}
// option 3
if ($user->cannot('update-post', $post)) {
abort(403);
}
// Update Post...
}