我想授权给'卖家'角色的用户。如何为'卖家'提供一个策略,使卖家不能读取其他卖家的订单数据。
我的订单表与4个表有关系。下面是我的订单图
订单模型 [Order.php]
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
class Order extends Model
{
public function items()
{
return $this->belongsToMany(Product::class, 'order_items','order_id','product_id')->withPivot('quantity','price');
}
public function user()
{
return $this->belongsTo(User::class);
}
}
订单策略 [OrderPolicy.php]
<?php
namespace App\Policies;
use App\User;
use App\Order;
use Illuminate\Auth\Access\HandlesAuthorization;
class OrderPolicy
{
use HandlesAuthorization;
public function before($user, $ability)
{
if ($user->hasRole('admin')) {
return true;
}
}
public function browse(User $user)
{
return $user->hasRole('seller');
}
public function read(User $user, Order $order)
{
if(empty($order-> )) {
return false;
}
return $user->id == $order-> ;
}
}