Laravel(7)资源政策不';如果不使用CamelCase,请为视图策略获取403(显示在控制器中)
这里有两个示例,第一个用于ResourceController(返回200-ok),第二个用于ResourceLogsController(返回403-未授权) api.phpLaravel(7)资源政策不';如果不使用CamelCase,请为视图策略获取403(显示在控制器中),laravel,authorization,policies,Laravel,Authorization,Policies,这里有两个示例,第一个用于ResourceController(返回200-ok),第二个用于ResourceLogsController(返回403-未授权) api.php // RESOURCES Route::apiResource('resources','Api\ResourceController'); // RESOURCELOGS Route::apiResource('resourcelogs','Api\ResourceLogController'); AuthServ
// RESOURCES
Route::apiResource('resources','Api\ResourceController');
// RESOURCELOGS
Route::apiResource('resourcelogs','Api\ResourceLogController');
AuthServiceProvider:
use App\Policies\ResourcePolicy;
use App\Policies\ResourceLogPolicy;
// ...
protected $policies = [
Resource::class => ResourcePolicy::class,
ResourceLog::class => ResourceLogPolicy::class
];
资源控制器:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(Resource::class, 'resource');
}
public function index(Resource $resource)
{
dd('authorization ok');
}
public function show(Resource $resource)
{
dd('authorization ok');
}
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourcelog');
}
public function index(ResourceLog $resourceLog)
{
dd('authorization ok');
}
public function show(ResourceLog $resourceLog)
{
dd('no authorization here');
}
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourceLog');
}
ResourceLogController:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(Resource::class, 'resource');
}
public function index(Resource $resource)
{
dd('authorization ok');
}
public function show(Resource $resource)
{
dd('authorization ok');
}
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourcelog');
}
public function index(ResourceLog $resourceLog)
{
dd('authorization ok');
}
public function show(ResourceLog $resourceLog)
{
dd('no authorization here');
}
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourceLog');
}
ResourcePolicys:只返回一个简单的true作为测试
class ResourcePolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, Resource $resource)
{
return true;
}
class ResourceLogPolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, ResourceLog $resourceLog)
{
return true;
}
ResourceLogPolicys:只返回一个简单的true作为测试
class ResourcePolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, Resource $resource)
{
return true;
}
class ResourceLogPolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, ResourceLog $resourceLog)
{
return true;
}
我尝试更改$this->authorizeLogResource中小写、chamelcase等的第二个参数
$this->authorizeResource(ResourceLog::class,'ResourceLog');
$this->authorizeResource(ResourceLog::class,'App\ResourceLog');//=函数App\Policies\ResourceLogPolicy::view()的参数太少,传递了1个
我确实在中间件下看到了resource而不是resourceLog
在泰勒·罗特韦尔本人的帮助下回答: 在路由器中:
Route::apiResource('resourceLogs','Api\ResourceLogController');
控制器:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(Resource::class, 'resource');
}
public function index(Resource $resource)
{
dd('authorization ok');
}
public function show(Resource $resource)
{
dd('authorization ok');
}
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourcelog');
}
public function index(ResourceLog $resourceLog)
{
dd('authorization ok');
}
public function show(ResourceLog $resourceLog)
{
dd('no authorization here');
}
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourceLog');
}
方法:
public function show(ResourceLog $resourceLog)
{
return new ResourceLogResource($resourceLog);
}
路由和授权资源中的“resourceLogs”$resourceLog(!)需要具有相同的大小写。我认为这是一个错误,我将现有的工作资源控制器从RuleController更改为AccessRightController,包括依赖项,并且出现了相同的403