Why does my Laravel policy always return false?



The policy code is as follows:

class userOwnedClassPolicy
{
    use HandlesAuthorization;
    ...
    public function create(User $user)
    {
        return ($user->userType == 'teacher');
    }
    ...
}

This policy is registered in the AuthServiceProvider.php file as follows:

class AuthServiceProvider extends ServiceProvider
{
    // Map models to authorization policies.
    protected $policies = [
        \App\Models\classMember::class => \App\Policies\classMemberPolicy::class,
        \App\Models\evaluation::class => \App\Policies\evaluationPolicy::class,
        \App\Models\group::class => \App\Policies\groupPolicy::class,
        \App\Models\groupMember::class => \App\Policies\groupMemberPolicy::class,
        \App\Models\sharedClass::class => \App\Policies\sharedClassPolicy::class,
        \App\Models\slg::class => \App\Policies\slgPolicy::class,
        \App\Models\spreadsheet::class => \App\Policies\spreadsheetPolicy::class,
        \App\Models\spreadsheetValue::class => \App\Policies\spreadsheetValuePolicy::class,
        \App\Models\teacher::class => \App\Policies\teacherPolicy::class,
        \App\Models\test::class => \App\Policies\testPolicy::class,
        \App\Models\userOwnedClass::class => \App\Policies\userOwnedClassPolicy::class
    ];

    public function boot()
    {
        $this->registerPolicies();
    }
}

(I have also tried registering the policies using strings of the file paths, but that accomplished nothing.)

The relevant part of the controller code is here:

class ClassController extends Controller
{
    ...
    public function store(Request $postReq)
    {
        $this->authorize('create', Auth::user());
        userOwnedClass::create([
            'name' => $postReq->input('className'),
            'ownerId' => Auth::user()->id
        ]);
    }
    ...
}

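I have tried replacing the code in the policy's create method with return true, but even that fails. What am I doing wrong, and why does the controller always return a 403 error when called?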

You created the policy userOwnedClassPolicy and set it in AuthServiceProvider for the userOwnedClass model:

\App\Models\userOwnedClass::class => \App\Policies\userOwnedClassPolicy::class

You cannot just run the policy method like this:

$this->authorize('create', Auth::user());

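When you run the line above, you are telling Laravel to check the create method of the policy for the App\Models\User object, but you have not created any policy for that model.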

In this case, you should run it like this:

$this->authorize('create', \App\Models\userOwnedClass::class);

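Laravel will know that it should run the create method from the userOwnedClassPolicy policy, and it will automatically pass the currently authenticated user to the $user variable in the policy method.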
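
The lookup described in the answer above, as an added example that is not part of the original post and is not Laravel's own code: a simplified, stand-alone PHP 8 model of how the second argument to authorize selects the policy, and why an unmapped class is denied. SketchGate and its allows method are hypothetical names; the model and policy class names mirror the question.

```php
<?php
// Added illustration: a simplified model of policy lookup, not Laravel's Gate source.
// SketchGate is a hypothetical name; the other classes mirror the question.

class User { public function __construct(public string $userType) {} }
class userOwnedClass {}

class userOwnedClassPolicy
{
    public function create(User $user): bool
    {
        return $user->userType === 'teacher';
    }
}

class SketchGate
{
    /** @param array<string, string> $policies model class => policy class */
    public function __construct(private array $policies, private User $current) {}

    public function allows(string $ability, object|string $target): bool
    {
        // The policy is chosen from the class of the target argument,
        // never from the class the controller happens to be working with.
        $model = is_object($target) ? get_class($target) : $target;
        $policyClass = $this->policies[$model] ?? null;
        if ($policyClass === null || !method_exists($policyClass, $ability)) {
            return false; // nothing mapped for this class: fail closed (a 403 in the controller)
        }
        // The authenticated user is always injected as the first policy argument.
        $args = is_object($target) ? [$this->current, $target] : [$this->current];
        return (bool) (new $policyClass())->$ability(...$args);
    }
}

$map = [userOwnedClass::class => userOwnedClassPolicy::class];
$teacher = new User('teacher');
$gate = new SketchGate($map, $teacher);

// The question's call: the target is a User, and User has no entry in the map,
// so the deny branch is taken before userOwnedClassPolicy is ever consulted.
var_dump($gate->allows('create', $teacher));

// The answer's call: the target is the model class name, so the mapped policy runs.
var_dump($gate->allows('create', userOwnedClass::class));

// With the correct target, the decision depends only on the policy body.
var_dump((new SketchGate($map, new User('student')))->allows('create', userOwnedClass::class));
```

This also explains why changing the policy body to return true made no difference: the denial happened at the lookup step, before any policy method was called.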
