php Laravel 8 authorizeResources在控制器构造函数中不适用于编辑操作

我在laravel 8中为Post模型写了一个策略。
当我使用

public function __construct()
    {
       $this->authorizeResource(Post::class, 'post');
    }

在控制器中，该策略被正确地应用于索引、创建操作，但不应用于编辑操作。
如果我删除构造函数中的行并像这样修改编辑操作

public function edit( $id)
    {   
        $post = Post::find($id);
        $this->authorize('update', $post);
        $post = Post::find($id);
        $author = User::find($post->author_id);
        return view('posts.edit', compact('post', 'author'));
       
    }

$this->authorize（'update '，$post）;添加
那么它就能正常工作。
我不知道我做错了什么
以下是控制器和策略

控制器（未完成）

<?php

namespace App\Http\Controllers;

use App\Models\Post;
use Illuminate\Http\Request;use App\Models\User
;use Illuminate\Support\Facades\Gate;

class PostController extends Controller
{
    /**
     * Create the controller instance.
     *
     * @return void
     */
    public function __construct()
    {
       //$this->authorizeResource(Post::class, 'post');
    }

    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    { 
        //authorization managed by the constructor
        $user = auth()->user();
    //$this->authorize('viewAny', Post::class);
       
        $posts = Post::orderBy('created_at', 'desc')->paginate(25);
        return view('posts.index', compact('posts', 'user'));
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
       // $this->authorize('create', Post::class);
        return view('posts.create');
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {
        
       //authorization is managed globally in the constructor
        $this->validate($request, [
            'title' => 'required',
            'abstract' => 'required',
            'body' => 'required'
        ]);
        $post = new Post;
        $post->title = $request->input('title');
        $post->abstract = $request->input('abstract');
        $post->body = $request->input('body');
        $post->author_id = auth()->user()->id;
        $post->category = $request->input('category');
        $post->beg_date = $request->input('beg_date');
        $post->end_date = $request->input('end_date');
        $post->close_date = $request->input('close_date');
        $post->sticky = $request->input('sticky');
        $post->diaporama_dir = $request->input('diaporama_dir');
        $post->receive_registration = $request->input('receive_registration');
        $post->inscription_directive = $request->input('inscription_directive');
        $post->save();
        return redirect('/posts')->with('success', 'Article enregistré !');
    

    }

    /**
     * Display the specified resource.
     *
     * @param  \App\Models\Post  $post
     * @return \Illuminate\Http\Response
     */
    public function show(Post $post)
    {
        //
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  \App\Models\Post  $post
     * @return \Illuminate\Http\Response
     */
    public function edit( $id)
    {   
        $post = Post::find($id);
        $this->authorize('update', $post);
        $post = Post::find($id);
        $author = User::find($post->author_id);
        return view('posts.edit', compact('post', 'author'));
       
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \App\Models\Post  $post
     * @return \Illuminate\Http\Response
     */
    public function update(Request $request, Post $post)
    {
        //
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  \App\Models\Post  $post
     * @return \Illuminate\Http\Response
     */
    public function destroy(Post $post)
    {
        //
    }
}

政策

<?php

namespace App\Policies;

use App\Models\Post;
use App\Models\User;
use Illuminate\Auth\Access\Response;
use Illuminate\Auth\Access\HandlesAuthorization;

class PostPolicy
{
    use HandlesAuthorization;

    /**
 * Perform pre-authorization checks.
 *
 * @param  \App\Models\User  $user
 * @param  string  $ability
 * @return void|bool
 */
    public function before(User $user, $ability)
    {
     if ($user->role=='admin') {
        return Response::allow();
        }
    }

    /**
     * Determine whether the user can view any models.
     *
     * @param  \App\Models\User  $user
     * @return mixed
     */
    public function viewAny(User $user)
    {
        return ($user->role==='admin' || $user->role==='writer' || $user->role==='manager')
            ? Response::allow()
            : Response::deny(__("You are not allowed to view any posts!"));
    }

    /**
     * Determine whether the user can view the model.
     *
     * @param  \App\Models\User  $user
     * @param  \App\Models\Post  $post
     * @return mixed"
     */
    public function view(User $user, Post $post)
    {
        
        return $user->id == $post->user_id
                ? Response::allow()
                : Response::deny(trans("You cannot view this post because you are not its owner!"));
    }

    /**
     * Determine whether the user can create models.
     *
     * @param  \App\Models\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        return $user->role === 'writer' || $user->role ==='manager'
                ? Response::allow()
                : Response::deny(__("You are not allowed to create posts."));
    }

    /**
     * Determine whether the user can update the model.
     *
     * @param  \App\Models\User  $user
     * @param  \App\Models\Post  $post
     * @return mixed
     */
    public function update(User $user, Post $post)
    {
       

        return ($user->id == $post->user_id)
                ? Response::allow()
                : Response::deny(__("You cannot update this post because you are not its owner."));
    }

    /**
     * Determine whether the user can delete the model.
     *
     * @param  \App\Models\User  $user
     * @param  \App\Models\Post  $post
     * @return mixed
     */
    public function delete(User $user, Post $post)
    {
        return $user->id == $post->user_id
                ? Response::allow()
                : Response::deny(__("You cannot update this post because you are not its owner."));
    }

    /**
     * Determine whether the user can restore the model.
     *
     * @param  \App\Models\User  $user
     * @param  \App\Models\Post  $post
     * @return mixed
     */
    public function restore(User $user, Post $post)
    {
        return Response::deny();
    }

    /**
     * Determine whether the user can permanently delete the model.
     *
     * @param  \App\Models\User  $user
     * @param  \App\Models\Post  $post
     * @return mixed
     */
    public function forceDelete(User $user, Post $post)
    {
        //
    }
}

您可能已经注意到，只有那些需要参数的绑定才不起作用。解决方案，只能通过“戳”来达到，因为没有任何地方指定策略和控制器中的参数必须具有相同的名称和类型。
示例策略：

namespace App\Policies;

use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class UserPolicy
{
    use HandlesAuthorization;

    public function viewAny(User $user)
    {
        return true;
    }

    public function view(User $user, User $model)
    {
        dd("It`s worked");
        return true;
    }

    public function create(User $user)
    {
        return true;
    }

    public function update(User $user, User $model)
    {
        dd("It`s worked");
        return true;
    }

    public function delete(User $user, User $model)
    {
        dd("It`s worked");
        return true;
    }

    public function restore(User $user, User $model)
    {
        dd("It`s worked");
        return true;
    }

    public function forceDelete(User $user, User $model)
    {
        dd("It`s worked");
        return true;
    }
}

示例控制器

class UserController extends Controller
{
    public function __construct(UserRepository $repository)
    {
        $this->repository = $repository;
        $this->authorizeResource($this->repository->getModelClass(), "user");
    }

    public function index()
    {
        // do something
    }

    public function create(): Response
    {
        // do something
    }

    public function store(Request $request)
    {
        // do something
    }

    public function edit(User $user)
    {
        // do something
    }

    public function update(Request $request, User $user)
    {
        // do something
    }

    public function destroy(User $user)
    {
        // do something
    }
}

php Laravel 8 authorizeResources在控制器构造函数中不适用于编辑操作

2条答案

相关问题

热门标签

最新问答