Laravel (7) 资源策略不适用于 CamelCase,获取 403 视图策略(在控制器中显示)
Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controller)
这里有两个例子,第一个是 ResourceController (return 200 - ok),第二个是 ResourceLogsController (returns 403 - not authorized)
api.php
// RESOURCES
Route::apiResource('resources','Api\ResourceController');
// RESOURCELOGS
Route::apiResource('resourcelogs','Api\ResourceLogController');
AuthServiceProvider:
use App\Policies\ResourcePolicy;
use App\Policies\ResourceLogPolicy;
// ...
protected $policies = [
Resource::class => ResourcePolicy::class,
ResourceLog::class => ResourceLogPolicy::class
];
资源控制器:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(Resource::class, 'resource');
}
public function index(Resource $resource)
{
dd('authorization ok');
}
public function show(Resource $resource)
{
dd('authorization ok');
}
资源日志控制器:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourcelog');
}
public function index(ResourceLog $resourceLog)
{
dd('authorization ok');
}
public function show(ResourceLog $resourceLog)
{
dd('no authorization here');
}
ResourcePolicies:只是 return 一个简单的 true 作为测试
class ResourcePolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, Resource $resource)
{
return true;
}
ResourceLogPolicies:只是 return 一个简单的 true 作为测试
class ResourceLogPolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, ResourceLog $resourceLog)
{
return true;
}
我尝试将 $this->authorizeLogResource 中的第二个参数更改为小写、chamelcase 等。
$this->authorizeResource(ResourceLog::class, 'resourcelog');
$this->authorizeResource(ResourceLog::class, 'App\ResourceLog'); // = 函数参数太少 App\Policies\ResourceLogPolicy::view(), 1 passed
我确实在中间件下看到了资源而不是 resourceLog...
在 taylorotwell 本人的帮助下回答:
在路由器中:
Route::apiResource('resourceLogs','Api\ResourceLogController');
控制器:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourceLog');
}
方法:
public function show(ResourceLog $resourceLog)
{
return new ResourceLogResource($resourceLog);
}
'resourceLogs' 在 Route 和 authorizeResource + $resourceLog (!) 需要有相同的大小写。
这里有两个例子,第一个是 ResourceController (return 200 - ok),第二个是 ResourceLogsController (returns 403 - not authorized)
api.php
// RESOURCES
Route::apiResource('resources','Api\ResourceController');
// RESOURCELOGS
Route::apiResource('resourcelogs','Api\ResourceLogController');
AuthServiceProvider:
use App\Policies\ResourcePolicy;
use App\Policies\ResourceLogPolicy;
// ...
protected $policies = [
Resource::class => ResourcePolicy::class,
ResourceLog::class => ResourceLogPolicy::class
];
资源控制器:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(Resource::class, 'resource');
}
public function index(Resource $resource)
{
dd('authorization ok');
}
public function show(Resource $resource)
{
dd('authorization ok');
}
资源日志控制器:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourcelog');
}
public function index(ResourceLog $resourceLog)
{
dd('authorization ok');
}
public function show(ResourceLog $resourceLog)
{
dd('no authorization here');
}
ResourcePolicies:只是 return 一个简单的 true 作为测试
class ResourcePolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, Resource $resource)
{
return true;
}
ResourceLogPolicies:只是 return 一个简单的 true 作为测试
class ResourceLogPolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, ResourceLog $resourceLog)
{
return true;
}
我尝试将 $this->authorizeLogResource 中的第二个参数更改为小写、chamelcase 等。
$this->authorizeResource(ResourceLog::class, 'resourcelog'); $this->authorizeResource(ResourceLog::class, 'App\ResourceLog'); // = 函数参数太少 App\Policies\ResourceLogPolicy::view(), 1 passed
我确实在中间件下看到了资源而不是 resourceLog...
在 taylorotwell 本人的帮助下回答:
在路由器中:
Route::apiResource('resourceLogs','Api\ResourceLogController');
控制器:
public function __construct()
{
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourceLog');
}
方法:
public function show(ResourceLog $resourceLog)
{
return new ResourceLogResource($resourceLog);
}
'resourceLogs' 在 Route 和 authorizeResource + $resourceLog (!) 需要有相同的大小写。