模型中的Laravel策略以及如何避免特定视图中的授权。
[英]Laravel Policies in Model and how to avoid authorization in particular views.
问题描述
I will try to explain. 
我会尽力解释。 Im developing an Ecommerce application and in order to provide backend authorization I applied laravel Policies to a Model (product model). 我正在开发一个电子商务应用程序,并且为了提供后端授权,我将laravel策略应用于模型(产品模型)。
The problem resides when I tried to use the same product model in frontend views, where all users can see the products. 当我尝试在所有用户都可以看到产品的前端视图中使用相同的产品模型时,问题仍然存在。
Policies are applied to all the model no matter if the route view is protected and I cannot find the way to leave some views (eg: frontend>list products) retrieving information from model with no authorization policy. 无论路由视图是否受保护,策略都将应用于所有模型,并且我无法找到留下一些视图(例如:frontend> list products)的方法,该模型无需授权策略即可从模型中检索信息。
Eg: of the policy applied to View in backend: 例如:在后端中应用于视图的策略:
public function view(User $user)
{
$method = (string)$this->ability;
if ($user->hasRole($this->Model) === null) {
return 0;
}
return $user->hasRole($this->Model)->$method;
}
What I need is to create another public function in product policy that list products in frontend without requesting authorization to the user. 我需要在产品策略中创建另一个公共功能,以在不请求用户授权的情况下列出前端的产品。
thanks. 谢谢。
1 个解决方案
解决方案1
1 已采纳 2017-11-29 19:38:26
You may want to create a constructor function in your controller that allows non-authenticated users to access the products view. 您可能需要在控制器中创建一个构造函数,以允许未经身份验证的用户访问产品视图。 The following snippet provides access to every function in the controller except for the destroy (session destroy, logout) function. 以下代码段提供对控制器中除destroy(会话destroy,注销)功能之外的所有功能的访问。
public function __construct()
{
$this->middleware('guest', ['except' => 'destroy']);
}
I hope this helps point you in the right direction. 我希望这可以帮助您指出正确的方向。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.