laravel 授权策略中的访客用户
[英]Guest users in laravel authorization policies
问题描述
I use policies for user authorization.
我使用用户授权策略。 How to use policies for guest users?如何使用来宾用户的策略?
Here is my code:这是我的代码:
In controller:在控制器中:
class PostController extends Controller
{
public function index(Post $post)
{
$this->authorize($post);
return $post->all();
}
}
In policy:在政策方面:
class PostPolicy
{
// This function executes only for authenticated users.
// I want to use it for guest users too
public function index(User $user)
{
return $user->can('get-posts');
}
}
4 个解决方案
解决方案1
9 2016-09-08 16:02:45
First make a new service provider:首先创建一个新的服务提供者:
php artisan make:provider GuestServiceProvider
Then edit GuestServiceProvider.php with this:然后使用以下内容编辑 GuestServiceProvider.php:
public function boot()
{
// Laravel policies only work if the user isn't null so for guest access we need to assign a dummpy user.
// From now on to check for guest use is_null(Auth::user()->getKey())
if(!Auth::check()) {
$userClass = config('auth.providers.users.model');
Auth::setUser(new $userClass());
}
}
Now Policies will work for guest users and in your policy you can check for the guest by doing:现在策略将适用于来宾用户,在您的策略中,您可以通过执行以下操作来检查来宾:
if(is_null(Auth::user()->getKey())){
// it's a guest
}
Which essentially means if the user doesn't have an id then its not a real user, hence must be a guest.这实质上意味着如果用户没有 id 则它不是真正的用户,因此必须是访客。
解决方案2
1 2018-11-15 13:17:05
Laravel 5.7 now has this feature built in (with PHP >=7.1) See the docs on the new Gate . Laravel 5.7 现在内置了此功能(PHP >=7.1)请参阅新 Gate 上的文档。 For anyone using older versions, here is my solution.对于使用旧版本的任何人,这是我的解决方案。 Make a small helper to use the authorizeForUser method on Illuminate\\Foundation\\Auth\\Access\\AuthorizesRequests .创建一个小助手来使用Illuminate\\Foundation\\Auth\\Access\\AuthorizesRequests上的authorizeForUser方法。 It leaves all native functionality intact.它使所有本机功能完好无损。 Extend your controller:扩展您的控制器:
use App\User;
public function authorizeAnyone($ability, $arguments = []) {
list($ability, $arguments) = $this->parseAbilityAndArguments($ability, $arguments);
return $this->authorizeForUser( auth()->user() ?? new User(), $ability, $arguments);
}
Then wherever you want the possibility of checking your policy against a guest, use然后,无论您想在何处检查针对客人的政策的可能性,请使用
$this->authorizeAnyone();
instead of而不是
$this->authorize();
If you don't want to extend your controller, you can also call (for example):如果你不想扩展你的控制器,你也可以调用(例如):
$this->authorizeForUser( auth()->user() ?? new User, 'index', $post );
解决方案3
1 2021-03-07 11:52:30
In your PostPolicy change this在您的 PostPolicy 更改此
class PostPolicy{
// This function executes only for authenticated users.
// I want to use it for guest users too
public function index(User $user)
{
return $user->can('get-posts');
}
}
to:到:
class PostPolicy{
// This function executes only for authenticated users.
// I want to use it for guest users too
public function index(?User $user)
{
return $user->can('get-posts');
}
}
解决方案4
0 已采纳 2016-09-04 10:38:06
I think the simpliest way is to protect with Auth middleware.我认为最简单的方法是使用 Auth 中间件进行保护。 or check if user is authenticated in policy或检查用户是否在策略中通过身份验证
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.