[英]Resolve Laravel Auth Authenticatable to User model to address static analysis issues
We have a Laravel 8 application.我们有一个 Laravel 8 应用程序。
We're using the standard Laravel Auth
facade to retrieve the authenticated user .我们使用标准的 Laravel
Auth
外观来检索经过身份验证的用户。
Our User
model has a few custom functions, the most important of which is a shorthand function, hasPermissionTo()
.我们的
User
模型有一些自定义函数,其中最重要的是速记函数hasPermissionTo()
。 (The reason why is because we have a very custom RBAC setup.) (原因是因为我们有一个非常自定义的 RBAC 设置。)
So in a lot of our controllers, we have something like this...所以在我们的很多控制器中,我们都有这样的东西......
use Illuminate\Routing\Controller as BaseController;
class ExampleController extends BaseController
{
public function index()
{
if (\Auth::user()->hasPermissionTo('Management:View Users')) {
// do something.
}
// etc.
}
}
That's all well and good until we start running static analysis.在我们开始运行静态分析之前,一切都很好。 We're using Larastan, which is giving me these errors:
我们正在使用 Larastan,这给了我这些错误:
------ -------------------------------------------------------------------------------------------
Line Http/Controllers/ExampleController.php
------ -------------------------------------------------------------------------------------------
48 Call to an undefined method Illuminate\Contracts\Auth\Authenticatable::hasPermissionTo().
This also makes sense because the Auth
facade proxies Illuminate\Auth\AuthManager
and Auth::user()
, via __call()
magic, normally resolves to Illuminate\Auth\SessionGuard::user()
and that typehints this...这也是有道理的,因为
Auth
外观代理Illuminate\Auth\AuthManager
和Auth::user()
,通过__call()
魔法,通常解析为Illuminate\Auth\SessionGuard::user()
并且类型提示这个......
/**
* Get the currently authenticated user.
*
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function user()
{
...
So finally, my question:所以最后,我的问题:
Where is the failure here?这里的失败在哪里? Do I need to a) configure my static analysis tool better, b) configure Laravel better to more accurately return a specific type, or c) do I need to add explicit
if (Auth::user() instanceof User) { ... }
clauses all throughout my code?我是否需要 a) 更好地配置我的静态分析工具,b) 更好地配置 Laravel 以更准确地返回特定类型,或者 c) 我是否需要显式添加
if (Auth::user() instanceof User) { ... }
子句贯穿我的代码?
Is there a correct way to override one of the Laravel stock classes with a more specific one of my own to address more specific functionality?是否有一种正确的方法可以用我自己的更具体的一个来覆盖 Laravel 股票类之一以解决更具体的功能? Is there way to type-hint the actual authenticated User into the function declaration so I can declare
function index(User $authenticatedUser)
and have Laravel autopopulate this in with a more specific type hint?有没有办法将实际经过身份验证的用户类型提示到函数声明中,以便我可以声明
function index(User $authenticatedUser)
并让 Laravel 使用更具体的类型提示自动填充它?
I understand that I could just add an exclusion for this particular issue in Larastan and move on with my life, but the error is designed to protect against a specific class of error--ie if I added Auth0 and replaced App\Model\User
with Auth0\Login\User
, then I would have an Authenticatable
class that fails to run hasPermissionTo()
, and I'd have to now fix a bunch of code.我知道我可以在 Larastan 中为这个特定问题添加一个排除项并继续我的生活,但该错误旨在防止特定类别的错误 - 即如果我添加 Auth0 并将
App\Model\User
替换为Auth0\Login\User
,那么我将有一个无法运行hasPermissionTo()
的Authenticatable
类,我现在必须修复一堆代码。
Eventually, this is how we worked around the problem.最终,这就是我们解决问题的方法。 We added a type-hint for Larastan, so it can infer that $user has this
HasRolesContract
trait which provides hasPermissionTo()
.我们为 Larastan 添加了类型提示,因此它可以推断 $user 具有提供
hasPermissionTo()
的HasRolesContract
特征。
public function index()
{
/** @var \App\Traits\HasRolesContract */
$user = \Auth::user();
if ($user->hasPermissionTo('Management:View Users')) {
Hopefully this helps someone else!希望这对其他人有帮助!
(Thanks for the nudge, @djjavo) (感谢轻推,@djjavo)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.