当我使用GET Http-Verb调用Api路由时,它将返回我的用户。如果我使用DELETE或PATCH Route调用它,则返回null。
我将策略添加到完整的Controller中:
namespace App\Http\Controllers\API;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Shoppingcart;
use Validator;
use Response;
class ShoppingcartController extends Controller
{
public function __construct()
{
$this->authorizeResource(Shoppingcart::class, 'shoppingcart');
}
...
public function destroy()
{
...
}
}
然后我在策略中“死掉”用户:
namespace App\Policies;
use App\User;
use App\Shoppingcart;
use Illuminate\Auth\Access\HandlesAuthorization;
class ShoppingcartPolicy
{
use HandlesAuthorization;
public function before(?User $user, $ability)
{
dd($user);
}
public function update(User $user, Shoppingcart $shoppingcart)
{
}
public function delete(User $user, Shoppingcart $shoppingcart)
{
}
}
我在标头中验证了我的请求,并在AuthServiceProvider.php
答案 0 :(得分:0)
Web和API的身份验证不同。 API不考虑在前端设置的cookie。
我还需要将Auth中间件注册到API路由:
Route::middleware('auth:api')->group(function(){
Route::apiResource('/shoppingcarts', 'API\ShoppingcartController');
});