在laravel 5.2 中正确使用策略? 我不能
[英]As correctly use policies in laravel 5.2? I can not
问题描述
I have a problem, I can not use policies in laravel 5.2.
我有一个问题,我不能在 laravel 5.2 中使用策略。
I have 2 tables, students and tasks .我有 2 个表,学生和任务。
I try to apply a policy to prevent editing of a task by changing the url, but I always get the message This action is unauthorized although the task is the correct user.我尝试通过更改 url 来应用策略以防止编辑任务,但我总是收到消息此操作未经授权,尽管该任务是正确的用户。
Policy Code:政策代码:
<?php
namespace App\Policies;
use App\Models\Student;
use App\Models\Task;
class TasksPolicy
{
public function edit(Student $student, Task $tasks)
{
return $student->id === $tasks->student_id;
}
}
Code in AuthServiceProvider.php AuthServiceProvider.php 中的代码
<?php
namespace App\Providers;
use App\Models\Task;
use App\Policies\TasksPolicy;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
Task::class => TasksPolicy::class
];
And then the call in the TaskController.php file:然后在 TaskController.php 文件中调用:
public function edit($id)
{
$tasks = Task::findOrFail($id);
$this->authorize('edit', $tasks);
return view('tasks.edit', compact('tasks'));
}
I think the code is good because I've revised several times, but as I said earlier I always get the message This action is unauthorized although the task is to edit the user.我认为代码很好,因为我已经修改了几次,但正如我之前所说,我总是收到消息尽管任务是编辑用户,但此操作未经授权。
http://i.imgur.com/2q6WFb3.jpg http://i.imgur.com/2q6WFb3.jpg
What am I doing wrong?我究竟做错了什么? As I can use the policy correctly?因为我可以正确使用该政策?
2 个解决方案
解决方案1
0 2016-03-31 07:22:52
you are using "===" which means that both side data and datatype will match.May be your data are matched,not datatype,you may try using "==" 你正在使用“===”这意味着双方数据和数据类型都匹配。可能你的数据是匹配的,而不是数据类型,你可以尝试使用“==”
public function edit(Student $student, Task $tasks)
{
return $student->id == $tasks->student_id;
}
解决方案2
0 2021-12-16 09:23:09
Two things: one is the name of the method and the other is the order of parameters.两件事:一是方法的名称,二是参数的顺序。 The method name should be 'update', not 'edit' - these are predefined, at least in later versions of Laravel.方法名称应该是 'update',而不是 'edit' - 这些是预定义的,至少在 Laravel 的后续版本中是这样。 You might be getting the authorization error because the name 'edit' is not recognized by Laravel, so the policy for update is never defined.您可能会收到授权错误,因为 Laravel 无法识别名称“edit”,因此从未定义更新策略。
The order of arguments also matters.参数的顺序也很重要。 When there are parameters passed to policy methods, the User model has to be the first parameter, followed by all the others.当有参数传递给策略方法时,用户模型必须是第一个参数,然后是所有其他参数。
public function update(User $user, [... other objects...])
So, you'd have所以,你会有
update(User $user, Student $student, Task $tasks)
Laravel will inject the Authenticated User Model but other objects have to be passed directly. Laravel 将注入 Authenticated User Model 但其他对象必须直接传递。
$this->authorize('edit', $student, $tasks);
Hopefully that will work.希望这会奏效。
If your Student class extends User Class, you may be thinking that you can substitute Student for User in the method prototype.如果您的 Student 类扩展了 User 类,您可能会认为可以在方法原型中用 Student 代替 User。 You can't do that - that's a different method altogether.你不能那样做——那是完全不同的方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.