Spatie / Laravel-Permission映射具有控制器方法的权限
[英]Spatie/Laravel-Permission mapping permissions with controller methods
问题描述
does anyone know a way of mapping the controller methods with permissions authorisation? 
有谁知道一种使用权限授权映射控制器方法的方法?
Let's say that I have 20 controllers, with index , store , show and delete methods and I don't wanna put in each method of this controller the correspondent permission, just for the sake of ... DRY. 假设我有20个控制器,它们具有index , store , show和delete方法,并且我不想为了这个... DRY而在该控制器的每个方法中都添加相应的权限。
What I wanna do instead is trying to map the permissions with controller actions. 我想做的是尝试将权限与控制器操作映射在一起。
An example would be: 一个例子是:
https://laravel.com/docs/5.5/authorization#writing-gates https://laravel.com/docs/5.5/authorization#writing-gates
Gate::resource('posts', 'PostPolicy');
This is identical to manually defining the following Gate definitions:
Gate::define('posts.view', 'PostPolicy@view');
Gate::define('posts.create', 'PostPolicy@create');
Gate::define('posts.update', 'PostPolicy@update');
Gate::define('posts.delete', 'PostPolicy@delete');
for me something like this would fit: 对我来说,这样的事情适合:
Permission::map('route', 'permission');
Permission::map('users.store', 'create-user');
or even better 甚至更好
Permission::mapResource('users', '????');
1 个解决方案
解决方案1
0 2018-01-26 16:09:26
I created a Trait for that, if you have a better suggestion please. 如果您有更好的建议,我为此创建了一个特质。
namespace App\Traits;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Request;
use Illuminate\Support\Pluralizer;
use Spatie\Permission\Exceptions\UnauthorizedException;
trait Authorisation
{
private $permissions = [
'index' => 'view',
'store' => 'create',
'show' => 'view',
'update' => 'edit',
'destroy' => 'delete'
];
private $action;
public function callAction($method, $parameters)
{
$permission = $this->getPermission($method);
if(($permission && Auth::user()->can($permission)) || !$permission)
return parent::callAction($method, $parameters);
if(Request::ajax()) {
return response()->json([
'response' => str_slug($permission.'_not_allowed', '_')
], 403);
}
throw UnauthorizedException::forPermissions([$permission]);
}
public function getPermission($method)
{
if(!$this->action = array_get($this->getPermissions(), $method)) return null;
return $this->routeName() ? $this->actionRoute() : $this->action;
}
public function registerActionPermission($action, $permission) {
$this->permissions[$action] = $permission;
}
private function actionRoute() {
return Pluralizer::singular($this->action . '-' . $this->routeName());
}
private function routeName() {
return explode('.', Request::route()->getName())[0];
}
private function getPermissions()
{
return $this->permissions;
}
}
And use it in controller like: 并在控制器中使用它,例如:
use Authorisation;
and if a want a custom permission for an action which does not exist in the $permissions : 并且如果想要对$permissions中不存在的操作的自定义$permissions :
$this->registerActionPermission('action_name', 'action-permission');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.