时间戳

首页 > 解决方案 > 为什么我的 Laravel 策略总是返回 false?

php - 为什么我的 Laravel 策略总是返回 false?

问题描述

该政策的代码在这里:

class userOwnedClassPolicy
{
    use HandlesAuthorization;
    ...
    public function create(User $user)
    {
        return ($user->userType == 'teacher');
    }
    ...
}

因此,此政策已在AuthServiceProvider.php文件中注册:

class AuthServiceProvider extends ServiceProvider
{
    //Map models to authorization policies.
    protected $policies = [
        App\Models\classMember::class => App\Policies\classMemberPolicy::class,
        App\Models\evaluation::class => App\Policies\evaluationPolicy::class,
        App\Models\group::class => App\Policies\groupPolicy::class,
        App\Models\groupMember::class => App\Policies\groupMemberPolicy::class,
        App\Models\sharedClass::class => App\Policies\sharedClassPolicy::class,
        App\Models\slg::class => App\Policies\slgPolicy::class,
        App\Models\spreadsheet::class => App\Policies\spreadsheetPolicy::class,
        App\Models\spreadsheetValue::class => App\Policies\spreadsheetValuePolicy::class,
        App\Models\teacher::class => App\Policies\teacherPolicy::class,
        App\Models\test::class => App\Policies\testPolicy::class,
        App\Models\userOwnedClass::class => App\Policies\userOwnedClassPolicy::class
    ];

    public function boot()
    {
        $this->registerPolicies();
    }
}

(我也尝试过使用文件路径的字符串来注册策略,但这没有任何效果。)

控制器代码的相关部分在这里:

class ClassController extends Controller
{
    ...
    public function store(Request $postReq)
    {
        $this->authorize('create', Auth::user());
        userOwnedClass::create([
            'name' => $postReq->input('className'),
            'ownerId' => Auth::user()->id
        ]);
    }
    ...
}

我尝试用 替换策略create方法中的代码return true,但即使这样也失败了。我做错了什么,为什么控制器在调用时总是返回 403 错误?

标签: phplaravelvue.jslaravel-8laravel-authorization

解决方案

当您在此处创建策略userOwnedClassPolicy并将其设置为userOwnedClass模型时AuthServiceProvider

App\Models\userOwnedClass::class => App\Policies\userOwnedClassPolicy::class

你不能只运行策略方法:

$this->authorize('create', Auth::user());

当您在上面运行此行时,您会告诉 - 检查对象create策略的方法\App\Models\User,但您没有为此模型创建任何策略。

所以在这种情况下,你应该像这样运行它:

$this->authorize('create', \App\Models\userOwnedClass::class);

然后 Laravel 会知道它应该create从策略中运行方法userOwnedClassPolicy,它会自动将当前经过身份验证的用户传递给$user策略方法中的变量。

推荐阅读