我正在Laravel建立一个网站。我试图只允许创建模型的用户查看/修改模型。我注册了策略,并在路由中使用中间件来限制查看/修改/删除/更新操作,但我始终是未经授权。
TrashPrivateReportPolicy:
class TrashPrivateReportPolicy
{
use HandlesAuthorization;
public function before(User $user){
if($user->can('manage_all_projects')){
return true;
}
}
public function results(User $user, TrashPrivateReport $trash_private_report){
return $user->reports()->map(function($report){$report->trash_report();})->contains($trash_private_report);
}
}
AuthServiceProvider
class AuthServiceProvider extends ServiceProvider
{
protected $policies = [
//'App\Model' => 'App\Policies\ModelPolicy',
'App\TrashPrivateReport' => 'App\Policies\TrashPrivateReportPolicy',
];
public function boot()
{
$this->registerPolicies();
Gate::before(function($user,$ability){
return $user->abilities()->pluck('name')->contains($ability);
});
}
}
路由:web.php
Route::get('/trash_private_reports/results/{trash_private_report}','TrashPrivateReportController@results')->name('trash_private_reports.results')->middleware('can:results,trash_private_report');
所以当我以Lambda用户身份连接并希望查看页面结果时禁止'/ trash_private_reports / results / id /'访问。该政策似乎没有被调用。我在策略的方法中尝试了dd(..),但没有任何反应。
将策略数组更改为:
TrashPrivateReport :: class => TrashPrivateReportPolicy :: class
更新和清除:
composer dump-autoload
php artisan route:clear
php artisan view:clear
php artisan config:clear
感谢您的帮助:)
Route::get('/trash_private_reports/results/{trash_private_report}','TrashPrivateReportController@results')->name('trash_private_reports.results')->middleware('can:results,App\TrashPrivateReport');