Laravel政策错误

时间:2019-09-06 15:33:46

标签: php laravel

我过去曾经成功使用过Laravel策略,但目前却遇到问题。

ArticleController中,我有以下方法:

/**
 * Show the form for creating a new resource.
 *
 * @return \Illuminate\Http\Response
 */
public function create()
{
    $this->authorize('create', Article::class);

    $categories = $this->categories;

    return view('editable.news.create', compact('categories'));
}

我的ArticlePolicy如下:

<?php

namespace App\Policies;

use Illuminate\Auth\Access\HandlesAuthorization;
use App\User;
use App\Article;

class ArticlePolicy
{
    use HandlesAuthorization;

    /**
     * Create a new policy instance.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Determine whether the user can view the post.
     *
     * @param  \App\User $user
     * @param  \App\Post $post
     * @return mixed
     */
    public function show(User $user, Article $article)
    {
        // If the article is published
        if ($article->published) {
            return true;
        }

        // A user with permission can view unpublished articles
        if ($user->can('view unpublished articles')) {
            return true;
        }

        // Authors can view their own unpublished posts
        if ($user->username === $article->author->username) {
            return true;
        }
    }

    /**
     * Determine whether the user can create posts.
     *
     * @param  \App\User $user
     * @return mixed
     */
    public function create(User $user)
    {
        return true;
    }

    /**
     * Determine whether the user can update the post.
     *
     * @param  \App\User $user
     * @param  \App\Post $post
     * @return mixed
     */
    public function update(User $user, Article $article)
    {
        if ($user->can('edit own articles')) {
            return $user->username === $article->author->username;
        }

        if ($user->can('edit any articles')) {
            return true;
        }
    }

    /**
     * Determine whether the user can delete the post.
     *
     * @param  \App\User $user
     * @param  \App\Post $post
     * @return mixed
     */
    public function delete(User $user, Article $article)
    {
        // A user can delete their own articles
        if ($user->can('delete own articles')) {
            return $user->username === $article->author->username;
        }

        // A user with permission can delete any article
        if ($user->can('delete any articles')) {
            return true;
        }
    }
}

您可以在create方法中看到我只是返回true,这是有意的。

每当我点击创建刀片时,我总是会收到403错误。

我还有一个伴随的测试:

/** @test */
public function a_user_with_permission_can_create_an_article()
{
    $this->setupPermissions();

    $user = factory(User::class)->create();

    $user->assignRole('news contributor');

    $article = factory(Article::class)->raw(['excerpt' => null]);

    $this->actingAs($user)
        ->get(route('thanos.articles.create'))
        ->assertStatus(200);

    $this->post(route('thanos.articles.store'), $article);

    $this->assertDatabaseHas('articles', [
        'user_username' => $user->username,
        'title' => $article['title']
    ]);
}

enter image description here

0 个答案:

没有答案
相关问题
最新问题