Laravel - Using Gates on API requests for authorization
I have a Laravel application set up, with roles and permissions set up perfectly using gates. For example, in the web routes file I have this, which works well:
WEB.PHP
Route::resource('groups', 'SuperAdmin\GroupsController')->middleware('can:SEE-admin-dashboard');
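However, when I try to apply the same middleware to API requests (from inside a Vue component), it does not work. I keep getting an unauthorized message. Here are the two things I have tried..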
API.PHP
Attempt 1 -
Route::post('group_times', 'TimesController@custom_groups_times')->middleware('can:SEE-admin-dashboard');
Attempt 2 -
Route::middleware('auth:api')->post('group_times', 'TimesController@custom_groups_times', function(Request $request) {
return $request->user();
});
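I get a 401 Unauthorized message:
I have set up API tokens for each user, as described in the Laravel documentation, like so, but no such luck.
Am I missing something?
Edit:
Here is the code from AuthServiceProvider.php: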
<?php
namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        // 'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();
        Passport::routes();
        // Implicitly grant "Super Admin" role all permissions
        // This works in the app by using gate-related functions like auth()->user->can() and @can()
        Gate::before(function ($user, $ability){
            return $user->hasRole('Super Admin') ? true : null;
        });
        //Superadmin check
        Gate::define('isSuperAdmin', function($user){
            return $user->hasRole('Super Admin');
        });
        //PLT Student check
        Gate::define('isPLTStudent', function($user){
            return $user->hasRole('PLT Student');
        });
        //Student check
        Gate::define('isStudent', function($user){
            return $user->hasRole('Student');
        });
        //SEE Admin Panel
        Gate::define('SEE-admin-panel', function($user){
            return $user->hasAnyRoles(['PLT Student']);
        });
        //SEE Admin Dashboard
        Gate::define('SEE-admin-dashboard', function($user){
            return $user->hasAnyRoles(['PLT Student']);
        });
        //USERS PERMISSIONS
        //Overall
        Gate::define('USERS-manage-users', function($user){
            return $user->hasAnyRoles(['PLT Student']);
        });
        //Specific
        Gate::define('USERS-create-users', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('USERS-view-users', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('USERS-edit-users', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('USERS-delete-users', function($user){
            return $user->hasRole('PLT Student');
        });
        //RUNS PERMISSIONS
        //Overall
        Gate::define('RUNS-manage-runs', function($user){
            return $user->hasAnyRoles(['PLT Student']);
        });
        //Specific
        Gate::define('RUNS-create-runs', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('RUNS-view-runs', function($user){
            return $user->hasAnyRoles(['PLT Student', 'Student']);
        });
        Gate::define('RUNS-edit-runs', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('RUNS-delete-runs', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('RUNS-delete-runs', function($user){
            return $user->hasRole('PLT Student');
        });
        //RUNTYPES PERMISSIONS
        //Overall
        Gate::define('RUNTYPES-manage', function($user){
            //return $user->hasAnyRoles(['PLT Student']);
        });
        //Overall
        Gate::define('RUNTYPES-view', function($user){
            return $user->hasAnyRoles(['PLT Student', 'Student']);
        });
        //RUNTYPES PERMISSIONS
        //Overall
        Gate::define('GROUP-manage', function($user){
            //return $user->hasAnyRoles(['PLT Student']);
        });
    }
}
Vue axios:
//Get time data to populate table
getTimes(){
    axios.post('/api/group_times', {
        group_id: this.group_id,
        amount: 5,
        season_id: this.season_id
    })
    .then(response => {
        this.times = response.data;
    });
},
The answer was right in front of me. This is what I did...
It worked!
Route::group(['middleware' => ['auth:api']], function () {
Route::post('privacy_change', 'UsersController@privacy_change')->middleware('can:change_privacy');
});
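Apparently it is because of this piece of information I found, which I did not know before... "Out of the box, the web middleware group is automatically applied to your routes/web.php file by the RouteServiceProvider."
It's working!! I just needed to wrap the API routes.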
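A feature test for the behaviour this answer relies on, added here as an example and not part of the original post: the `auth:api` group has to reject a request with no credentials before the `can:` gate is ever consulted, and the gate then has to reject an authenticated user who lacks the role. Assumptions: the question's `group_times` route is wrapped in the `auth:api` group the same way as the answer's route, the `api` guard is usable in the test environment, and the stub user (hypothetical) stands in for the app's User model by providing only `hasRole` and `hasAnyRoles`.

```php
<?php
namespace Tests\Feature;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Tests\TestCase;

// Hypothetical test class; route and gate names are taken from the question.
class GroupTimesAuthorizationTest extends TestCase
{
    // Constructed payload shaped like the axios call in the question.
    private $payload = ['group_id' => 1, 'amount' => 5, 'season_id' => 1];

    // Stand-in user (assumption): exposes only the role helpers the gates call.
    private function userWithRoles(array $roles)
    {
        return new class($roles) extends Authenticatable {
            private $stubRoles;
            public function __construct(array $roles)
            {
                parent::__construct();
                $this->stubRoles = $roles;
            }
            public function hasRole($role) { return in_array($role, $this->stubRoles, true); }
            public function hasAnyRoles($roles) { return count(array_intersect($roles, $this->stubRoles)) > 0; }
        };
    }

    public function test_no_credentials_is_rejected_by_auth_api()
    {
        // No user on the api guard: authentication fails before any gate runs.
        $this->postJson('/api/group_times', $this->payload)->assertStatus(401);
    }

    public function test_authenticated_user_without_role_is_rejected_by_gate()
    {
        // 'Student' is not in the role list of the SEE-admin-dashboard gate.
        $this->actingAs($this->userWithRoles(['Student']), 'api')
            ->postJson('/api/group_times', $this->payload)
            ->assertStatus(403);
    }

    public function test_plt_student_passes_both_middleware()
    {
        // Only asserts the middleware let the request through; the controller's own result is not checked.
        $status = $this->actingAs($this->userWithRoles(['PLT Student']), 'api')
            ->postJson('/api/group_times', $this->payload)
            ->getStatusCode();
        $this->assertNotContains($status, [401, 403]);
    }
}
```

The 401 and 403 cases separate the two failure modes: a 401 means the `api` guard found no user, while a 403 means a user was resolved and the gate denied it.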