Trying to write Policy for enabling comment of posts in Laravel

In Laravel I have a Follower table that I use to check if a User is following another User and also if he can comment on Posts.

The table is like this:

Schema::create('followers', function (Blueprint $table) {
    $table->unsignedInteger('publisher_id')->unsigned();
    $table->unsignedInteger('follower_id')->unsigned();
    $table->boolean('enable_follow')->default('1');
    $table->unique(['publisher_id', 'follower_id']);
    $table->timestamps();

    $table->foreign('publisher_id')
        ->references('id')
        ->on('users')
        ->onDelete('cascade');

    $table->foreign('follower_id')
        ->references('id')
        ->on('users')
        ->onDelete('cascade');
});

And these are the checks that I make to decide if a User can comment on a Post:

public function canComment(User $user, Post $post)
{
    $following = Follower::where('follower_id', $user->id)->where('publisher_id', $post->user_id)->select('enable_follow')->get();

    if (!$following->isEmpty()) {
        $enabled = $following[0]['enable_follow'];

        if ($enabled != '0') {
            return true;
        } else {
            return false;
        }
    } else if ($following->isEmpty()) {
        return true;
    }
}

And this is the controller part for storing; as you can see, I'm trying to authorize like this: $this->authorize('canComment', $post[0]);

public function store(Request $request)
{
    //on_post, from_user, body
    // define rules
    $rules = array(
        'post_id' => 'required',
        'body' => 'required'
    );

    $validator = Validator::make(Input::all(), $rules);

    $post_id = $request->input('post_id');

    $post = Post::findOrFail($post_id);

    if ($validator->fails()) {
        return Response()->json($validator);
    } else {
        $this->authorize('canComment', $post);

        //prepares object to be stored in DB
        $comment = new Comment();

        $comment['user_id'] = $request->user()->id;
        $comment['post_id'] = $post_id;
        $comment['body'] = $request->input('body');
        $comment->save();
        if ($comment) {
            $comment['user_name'] = $request->user()->username;
            $comment['comment_id'] = $comment->id;
            $comment['token'] = $request->input('_token');
        }

        return Response()->json($comment);
    }
}

The problem here is that I get a 403 (Forbidden) error in a situation where I have $following empty and where following is enabled. The Policy is not working as expected.

Source code for the authorize method in the Gate facade:

public function authorize($ability, $arguments = [])
{
    $result = $this->raw($ability, $arguments);

    if ($result instanceof Response) {
        return $result;
    }

    return $result ? $this->allow() : $this->deny();
}

Maybe I am not correct in returning true or false in the policy, as this code expects the result to be an instance of Response, but then what do you return to grant or deny access?

The problem was that the policy had been put in commentPolicy, so it expected to receive a Comment rather than a Post; moving it to postPolicy solved it.
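
The answer's point, as an added example that is not part of the original post and not Laravel's own code: a simplified stand-in gate showing that the policy is looked up by the class of the model passed to authorize, so an ability defined only on CommentPolicy is denied when a Post is passed. MiniGate, the sample users and the follower data are constructed for illustration.

```php
<?php
// Added example: a simplified stand-in for Laravel's Gate, not framework code.
// It keeps one rule of the real Gate: the policy is looked up by the class of
// the model passed to authorize(), and anything unresolved is denied.
// Requires PHP 8 (constructor promotion).

class User { public function __construct(public int $id) {} }
class Post { public function __construct(public int $user_id) {} }
class Comment {}

class CommentPolicy {
    // Misplaced ability: it takes a Post, so a Post lookup never reaches it.
    public function canComment(User $user, Post $post): bool { return true; }
}

class PostPolicy {
    // $follows[publisher_id][follower_id] = enable_follow (constructed data).
    public function __construct(private array $follows = []) {}

    public function canComment(User $user, Post $post): bool {
        // Rule from the question: no follower row, or enable_follow set, allows.
        return (bool) ($this->follows[$post->user_id][$user->id] ?? true);
    }
}

final class MiniGate {
    // $policies maps a model class name to a policy instance.
    public function __construct(private array $policies) {}

    public function check(User $user, string $ability, object $model): bool {
        $policy = $this->policies[get_class($model)] ?? null;
        if ($policy === null || !method_exists($policy, $ability)) {
            return false; // deny by default; the framework turns this into a 403
        }
        return (bool) $policy->$ability($user, $model);
    }
}

$post = new Post(1); // published by user 1
$before = new MiniGate([Comment::class => new CommentPolicy()]);
$after = new MiniGate([Post::class => new PostPolicy([1 => [3 => false]])]);

foreach (['CommentPolicy only' => $before, 'PostPolicy mapped' => $after] as $label => $gate) {
    foreach ([2, 3] as $userId) { // user 2 has no follower row, user 3 is disabled
        $ok = $gate->check(new User($userId), 'canComment', $post);
        printf("%-18s user %d: %s\n", $label, $userId, $ok ? 'allowed' : 'denied');
    }
}
```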
