Laravel 5.8 - 无需在 AuthServicerProvider.php 中注册 ProjectPolicy 即可进行授权
Laravel 5.8 - Authorization works without registering ProjectPolicy in AuthServicerProvider.php
我正在从头开始关注 Jeffrey Way 的 laracasts,他提到在 AuthServiceProvider.php 中注册 ProjectPolicy.php。但是,我尝试刷新我的授权页面以检查其他帐户,但没有这样做,它仍然有效。
这是一个奇怪的问题,因为我认为我是在浪费时间在一些有用的事情上,我不应该担心。
下面是代码片段。
我已经尝试评论了很多 LoC,我认为框架可以使用它们来授权页面-
ProjectsController.php
public function __construct(){
// $this->middleware('auth');
}
这里是问题的未编辑版本。
ProjectsController.php
中的 show() 方法
public function show(Project $project, Twitter $twitter)
{
// $twitter = app('twitter');
// dd($twitter);
// abort_if($project->owner_id !== auth()->id(),403);
//abort_unless();
$this->authorize('view',$project);
return view('project.show',compact('project'));
}
ProjectPolicy.php
public function view(User $user, Project $project)
{
return $project->owner_id == $user->id;//works even if I remove this
}// works even if I remove the complete method.
ProjectsController.php
public function show(Project $project, Twitter $twitter)//edited
{
$this->authorize('view',$project);//the authorization is enabled just by this loc.
return view('project.show',compact('project'));
}
我很困惑这仍然有效。
框架进展如何
authorize('view',$project);
即使我删除了 view() 方法?
编辑:在文档页面上找到它。
Instead of manually registering model policies, Laravel can auto-discover policies as long as the model and policy follow standard Laravel naming conventions. Specifically, the policies must be in a Policies directory below the directory that contains the models. So, for example, the models may be placed in the app directory while the policies may be placed in the app/Policies directory. In addition, the policy name must match the model name and have a Policy suffix. So, a User model would correspond to a UserPolicy class.
您需要注册您的保单以适合您的型号,更多信息:
https://laravel.com/docs/5.8/authorization#registering-policies
在您的 app/Providers/AuthServiceProvider.php 文件中,只需添加:
protected $policies = [
Project::class => ProjectPolicy::class,
];
我正在从头开始关注 Jeffrey Way 的 laracasts,他提到在 AuthServiceProvider.php 中注册 ProjectPolicy.php。但是,我尝试刷新我的授权页面以检查其他帐户,但没有这样做,它仍然有效。
这是一个奇怪的问题,因为我认为我是在浪费时间在一些有用的事情上,我不应该担心。 下面是代码片段。
我已经尝试评论了很多 LoC,我认为框架可以使用它们来授权页面-
ProjectsController.php
public function __construct(){
// $this->middleware('auth');
}
这里是问题的未编辑版本。
ProjectsController.php
public function show(Project $project, Twitter $twitter)
{
// $twitter = app('twitter');
// dd($twitter);
// abort_if($project->owner_id !== auth()->id(),403);
//abort_unless();
$this->authorize('view',$project);
return view('project.show',compact('project'));
}
ProjectPolicy.php
public function view(User $user, Project $project)
{
return $project->owner_id == $user->id;//works even if I remove this
}// works even if I remove the complete method.
ProjectsController.php
public function show(Project $project, Twitter $twitter)//edited
{
$this->authorize('view',$project);//the authorization is enabled just by this loc.
return view('project.show',compact('project'));
}
我很困惑这仍然有效。
框架进展如何
authorize('view',$project);
即使我删除了 view() 方法?
编辑:在文档页面上找到它。
Instead of manually registering model policies, Laravel can auto-discover policies as long as the model and policy follow standard Laravel naming conventions. Specifically, the policies must be in a Policies directory below the directory that contains the models. So, for example, the models may be placed in the app directory while the policies may be placed in the app/Policies directory. In addition, the policy name must match the model name and have a Policy suffix. So, a User model would correspond to a UserPolicy class.
您需要注册您的保单以适合您的型号,更多信息:
https://laravel.com/docs/5.8/authorization#registering-policies
在您的 app/Providers/AuthServiceProvider.php 文件中,只需添加:
protected $policies = [
Project::class => ProjectPolicy::class,
];