laravel 策略始终导致“此操作未经授权”

ljo96ir5  于 2023-02-25  发布在  其他
关注(0)|答案(3)|浏览(100)

我正在尝试允许用户在Laravel 8中查看分类页面

分类策略.php

use App\Models\Category;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class CategoryPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view any models.
     *
     * @param User $user
     * @return mixed
     */
    public function viewAny(User $user)
    {

        return true;
    }

}

类别.php模型

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;

class Category extends Model
{
    use HasFactory;

    protected $fillable = ['category_name','category_image', 'parent_category'];

     public function categories (): \Illuminate\Database\Eloquent\Relations\HasMany
     {
         return $this->hasMany(Category::class, 'parent_category');
     }

    public function parentCategory (): \Illuminate\Database\Eloquent\Relations\BelongsTo
    {
        return $this->belongsTo(Category::class, 'parent_category');
    }

}

已在AuthServiceProvider.php中注册策略

protected $policies = [
        Category::class => CategoryPolicy::class
    ];

路线

Route::group(['middleware' => 'auth'], function () {
    Route::get('/', [DashboardController::class, 'index']);
    Route::get('/admin', [DashboardController::class, 'index']);
    Route::get('/admin/categories', [CategoryController::class, 'categories'])->name('category.index');
    Route::get('/admin/get-categories', [CategoryController::class, 'allCategories'])->name('category.indexAjax');
    Route::get('/admin/get-all-categories', [CategoryController::class, 'getCategories'])->name('category.all');
    Route::post('/admin/category/new', [CategoryController::class, 'store'])->name('category.new');
    Route::delete('/admin/category/delete/{category}', [CategoryController::class, 'delete'])->name('category.delete');
});

类别控制器

class CategoryController extends Controller
{

    public function categories(Request $request)
    {
        $this->authorize('viewAny');
        return view('admin.categories.categories');
    }

    public function getCategories(Request $request)
    {
        $categories = Category::all();
        return Response::json([
            "success" => true,
            "data" => $categories
        ]);
    }

    public function allCategories(Request $request)
    {
        return DataTables::of(Category::with('parentCategory')->get())->addIndexColumn()->make(true);
    }
}

这将始终返回“403此操作未经授权”。
我的代码应该工作...是的,好吧...它没有,它让我发疯。
谢谢

deyfvvtc

deyfvvtc1#

您应该使用authorize方法发送模型
试试这个:

$this->authorize('viewAny', Category::class);

来自文件:www.example.comhttps://laravel.com/docs/8.x/authorization#via-controller-helpers

cgyqldqp

cgyqldqp2#

我也面临着这个问题。在我的例子中,我犯的错误是在没有指定模型的情况下创建控制器。
之前:

php artisan make:controller ItemController --resource

之后:

php artisan make:controller ItemController --model=Item --resource

如果您在创建控制器时没有指定模型,其中的方法会传入一个名为$id的参数,但您需要的是模型本身:

public function show($id) // wrong
{
    //
}

对比分析

public function show(Item $item) // right
{
    //
}
jqjz2hbq

jqjz2hbq3#

尝试[https://laravel.com/docs/10.x/authorization#inline-authorization.][1]在相同情况下对我有效

相关问题