How can I make an isAuthorized() method in Eloquent ORM?
Can someone explain this part in detail, line by line? How can I make an isAuthorized(@param, @param) method in Eloquent ORM?
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Support\Facades\DB;

class User extends Authenticatable
{
    public function isAuthorized($object, $operation)
    {
        return DB::table('role_permissions')
            ->where('object', $object)
            ->where('operation', $operation)
            ->join('user_roles', 'user_roles.role_id', '=', 'role_permissions.role_id')
            ->where('user_roles.user_id', $this->id)
            ->exists();
    }
}
I don't know whether my guess about $object and $operation is correct, but this is what I would say:
<?php
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Support\Facades\DB;

class User extends Authenticatable
{
    public function isAuthorized($object, $operation)
    {
        // You are checking if the current user has access to $operation method
        // on $object. E.g. App\Http\Controllers\UserController@viewAny.
        // This will output a query like this:
        // SELECT COUNT(`rp`.`id`)
        // FROM role_permissions rp
        // INNER JOIN user_roles ur ON ur.role_id = rp.role_id
        // WHERE `object` = 'App\Http\Controllers\UserController'
        // AND `operation` = 'viewAny'
        // AND `ur`.`user_id` = 1;
        // And then it will check if the value > 0.
        return DB::table('role_permissions')
            ->where('object', $object)
            ->where('operation', $operation)
            ->join('user_roles', 'user_roles.role_id', '=', 'role_permissions.role_id')
            ->where('user_roles.user_id', $this->id)
            ->exists();
    }
}
If that is what it is doing, you should look at policies: https://laravel.com/docs/6.x/authorization#creating-policies
Then use the policy: https://laravel.com/docs/6.x/authorization#via-the-user-model
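The check discussed above, as an added example that is not part of the original question or answer: the same join written as hand-written SQL and run through PDO against an in-memory SQLite database, so the allow and deny cases can be observed without a Laravel install. The table and column names follow the question's query; the user ids, role ids and rows are constructed sample data, and the standalone isAuthorized() function is hypothetical.

```php
<?php
// Added example: plain PDO + in-memory SQLite, no Laravel required.
// All rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_roles (user_id INTEGER, role_id INTEGER)');
$pdo->exec('CREATE TABLE role_permissions (role_id INTEGER, object TEXT, operation TEXT)');

// User 1 holds role 10 (admin), user 2 holds role 20 (viewer), user 3 holds no role.
$pdo->exec('INSERT INTO user_roles VALUES (1, 10), (2, 20)');
$insert = $pdo->prepare('INSERT INTO role_permissions VALUES (?, ?, ?)');
foreach ([
    [10, 'App\Http\Controllers\UserController', 'viewAny'],
    [10, 'App\Http\Controllers\UserController', 'delete'],
    [20, 'App\Http\Controllers\UserController', 'viewAny'],
] as $row) {
    $insert->execute($row);
}

// Hypothetical standalone version of the method from the question.
function isAuthorized(PDO $pdo, int $userId, string $object, string $operation): bool
{
    // Same shape as the query builder chain: a permission row must exist AND be
    // linked, through role_id, to a role that is assigned to this user.
    $sql = 'SELECT EXISTS (
                SELECT 1
                FROM role_permissions rp
                INNER JOIN user_roles ur ON ur.role_id = rp.role_id
                WHERE rp.object = :object
                  AND rp.operation = :operation
                  AND ur.user_id = :user_id
            )';
    $stmt = $pdo->prepare($sql); // values are bound, never concatenated into the SQL
    $stmt->execute(['object' => $object, 'operation' => $operation, 'user_id' => $userId]);
    return (bool) $stmt->fetchColumn();
}

$controller = 'App\Http\Controllers\UserController';
var_dump(isAuthorized($pdo, 1, $controller, 'delete'));  // admin role has a delete row
var_dump(isAuthorized($pdo, 2, $controller, 'delete'));  // viewer role has no delete row
var_dump(isAuthorized($pdo, 3, $controller, 'viewAny')); // no role assigned: the join matches nothing
```

Because the result comes from an inner join, a user with no matching role or permission row is denied by default; access exists only where a row explicitly grants it.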