我正在尝试授权是否允许某个用户邀请其他用户。
InvitedUserController
public function store(InvitedUserRequest $request)
{
$data = $request->all();
$data['user_id'] = auth()->user()->id;
$data['account_id'] = $request->session()->get('account_id');
InvitedUser::create($data);
}
我创建了一个FormRequest类来处理验证:
class InvitedUser extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize(Request $request)
{
$account = Account::find($request->session()->get('account_id'));
return $this->user()->can('manageUsers', $account);
}
/**
* Validation error message
*/
public function messages() {
return [
'max' => 'You may only enter up to :max characters'
];
}
public function invalid() {
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'email' => 'required|max:255|email',
'role_id' => 'required|exists:roles,id',
];
}
}
然后是我处理授权的政策:
class InvitedUserPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function manageUsers(User $user, Account $account)
{
dd('test');
$role = $user->roles()->wherePivot('account_id', $account->id)->first();
return $role->manage_users;
}
}
我注册了保单:
protected $policies = [
// 'App\Model' => 'App\Policies\ModelPolicy',
'App\InvitedUser' => 'App\Policies\InvitedUserPolicy'
];
由于某种原因,甚至没有发生dd()
调用。因此,这没有达到我的政策,所有请求都未经授权返回。
即使我更改了政策以返回true
public function manageUsers(User $user, Account $account)
{
return true;
}
我仍然会被未经授权
我如何通过FormRequest调用我的政策?为什么这不起作用?
所以,虽然这让我感到困惑,但我已经弄清了问题。
我需要将我的注册政策更改为以下内容:
protected $policies = [
// 'App\Model' => 'App\Policies\ModelPolicy',
'App\Account' => 'App\Policies\InvitedUserPolicy'
];
它使用的是Account模型,而不是InvitedUser模型。我认为是因为这就是我要传递的模型?