[英]Laravel 5.2 - Checking Authorization Abilities in a Multi Auth Application
Lets say I have the following guards set up and I'm logged in as both a jobseeker and a recruiter. 可以说我设置了以下警卫,并且以求职者和招聘者的身份登录。 How can I check an authorization ability for a particular logged in user? 如何检查特定登录用户的授权能力? The default will simply pass in the current logged in user to the policy but which one? 默认值只是将当前登录的用户传递给该策略,但是哪个?
The guards: 守卫:
return [
'guards' => [
'jobseeker' => [
'driver' => 'session',
'provider' => 'users',
],
'recruiter' => [
'driver' => 'session',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
],
]
The policy: 政策:
protected $policies = [
Post::class => PostPolicy::class,
];
The action: 那个行动:
public function update($id)
{
$post = Post::findOrFail($id);
if (Gate::denies('update-post', $post)) {
abort(403);
}
// Update Post...
}
Perhaps the following: 可能是以下情况:
public function update($id)
{
// get the user to authorize
$user = auth()->guard('recruiter')->user();
$post = Post::findOrFail($id);
// option one
if (Gate::denies('update-post', [$user, $post])) {
abort(403);
}
// option two
if (Gate::forUser($user)->denies('update-post', $post)) {
abort(403);
}
// option 3
if ($user->cannot('update-post', $post)) {
abort(403);
}
// Update Post...
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.