我正在Laravel中建立一个网站。我试图只允许创建模型的用户查看/修改模型。我注册了该策略,并在路由中使用了中间件来限制查看/修改/删除/更新操作,但我始终未经授权。
TrashPrivateReportPolicy:
class TrashPrivateReportPolicy
{
use HandlesAuthorization;
public function before(User $user){
if($user->can('manage_all_projects')){
return true;
}
}
public function results(User $user, TrashPrivateReport $trash_private_report){
return $user->reports()->map(function($report){$report->trash_report();})->contains($trash_private_report);
}
}
AuthServiceProvider
class AuthServiceProvider extends ServiceProvider
{
protected $policies = [
//'App\Model' => 'App\Policies\ModelPolicy',
'App\TrashPrivateReport' => 'App\Policies\TrashPrivateReportPolicy',
];
public function boot()
{
$this->registerPolicies();
Gate::before(function($user,$ability){
return $user->abilities()->pluck('name')->contains($ability);
});
}
}
路由: web.php
Route::get('/trash_private_reports/results/{trash_private_report}','TrashPrivateReportController@results')->name('trash_private_reports.results')->middleware('can:results,trash_private_report');
因此,当我以Lambda用户身份连接并希望查看页面结果时,
禁止'/ trash_private_reports / results / id /'访问。
该政策似乎没有被调用。我在策略方法中尝试了dd(..),但没有任何反应。
将策略数组更改为:
TrashPrivateReport :: class => TrashPrivateReportPolicy :: class
更新和清除:
composer dump-autoload
php手工艺路线:清除
php artisan view:clear
php artisan config:clear
感谢您的帮助:)
答案 0 :(得分:0)
编辑:
我通过将之前替换为之后
,解决了该问题Gate::after(function($user,$ability){
return $user->abilities()->pluck('name')->contains($ability);
});
答案 1 :(得分:0)
这对我有用:
Route::get('/', [UserController::class, 'index'])->middleware('can:viewAny,' . \App\Models\User::class)
或
Route::get('/', [UserController::class, 'index'])->middleware('can:viewAny,App\Models\User')
我的模型是 App\Models\User。我在 Laravel 8.33.1 上测试过。
答案 2 :(得分:-1)
middleware的第二个参数应该是模型。
Route::get('/trash_private_reports/results/{trash_private_report}','TrashPrivateReportController@results')->name('trash_private_reports.results')->middleware('can:results,App\TrashPrivateReport');