如何在 Eloquent ORM 中创建 isAuthorized() 方法？

Question

任何人都可以逐行向我详细解释这部分吗？ 如何在 Eloquent ORM 中创建isAuthorized(@param, @param)方法？

class User extends Authenticatable
{
    public function isAuthorized($object, $operation)
    {
        return Db::table('role_permissions')
            ->where('object', $object)
            ->where('operation', $operation)
            ->join('user_roles', 'user_roles.role_id', '=', 'role_permissions.role_id')
            ->where('user_roles.user_id', $this->id)
            ->exists();
    }
}

Answer 1

我不知道我对$object和$operation的猜测是否正确，但在这里我是 go：

<?php

class User extends Authenticatable
{
    public function isAuthorized($object, $operation)
    {
        // You are checking if the current user has access to $operation method
        // on $object. E.g. App\Http\Controllers\UserController@viewAny.

        // This will output a query LIKE this:
        // SELECT COUNT(`rp`.`id`)
        // FROM role_permissions rp
        // INNER JOIN user_roles ur ON ur.role_id = rp.role_id
        // WHERE `object` = 'App\\Http\\Controllers\\UserController'
        // AND `operation` = 'viewAny'
        // AND `ur`.`user_id` = 1;
        // And then it will check if the value > 0.
        return Db::table('role_permissions')
            ->where('object', $object)
            ->where('operation', $operation)
            ->join('user_roles', 'user_roles.role_id', '=', 'role_permissions.role_id')
            ->where('user_roles.user_id', $this->id)
            ->exists();
    }
}

如果这是它正在做的事情，您应该查看政策： https://laravel.com/docs/6.x/authorization#creating-policies

然后使用策略： https://laravel.com/docs/6.x/authorization#via-the-user-model