'仅授权'资源的特定路径

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了'仅授权'资源的特定路径相关的知识,希望对你有一定的参考价值。

有这种方法authorizeResource(),它将特定的策略应用于所有路由(索引路由除外)。有没有办法仅在特定路由上应用策略,类似于此功能:

Route::resource('photo', 'PhotoController', ['only' => [
    'index', 'show'
]]);
答案

您可以在控制器中实际定义中间件:

public PhotoController extends Controller {
    public function __construct() {
         $this->middleware("can:save,photo")->only(["save","edit"]);   //You get the idea
    }
}

这假设你已经写了一个正确的政策(检查https://laravel.com/docs/5.4/authorization

另一答案

是的,authorizeResource accepts an $options array as a third parameter。只需传递null作为第二个参数,选项的语法与路由中间件的语法相同。

public function __construct()
{
    $this->authorizeResource(Photo::class, null, [
        'only' => ['create', 'store'],
    ]);
}
另一答案

尽管@jeffPucket在his answer指出,only选项对我没有用。我正在运行Laravel 5.5,其工作原理是逆逻辑:

public function __construct()
{
    $this->authorizeResource(Photo::class, null, [
        'except' => [ 'index', 'show' ],
    ]);
}

请注意,您应该将您不希望应用策略的操作(控制器方法)传递给该选项。在这种情况下,indexshow将绕过授权中间件。

仅用于比较,以下是使用每个选项时php artisan route:list的结果:

只要

+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method    | URI                    | Name            | Action                                         | Middleware                                       |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
|        | POST      | comment                | comment.store   | AppHttpControllersCommentController@store   | web,auth,can:create,AppHttpControllersComment |
|        | GET|HEAD  | comment                | comment.index   | AppHttpControllersCommentController@index   | web,auth,can:view,AppHttpControllersComment   |
|        | GET|HEAD  | comment/create         | comment.create  | AppHttpControllersCommentController@create  | web,auth,can:create,AppHttpControllersComment |
|        | GET|HEAD  | comment/{comment}      | comment.show    | AppHttpControllersCommentController@show    | web,auth,can:view,comment                        |
|        | PUT|PATCH | comment/{comment}      | comment.update  | AppHttpControllersCommentController@update  | web,auth,can:update,comment                      |
|        | DELETE    | comment/{comment}      | comment.destroy | AppHttpControllersCommentController@destroy | web,auth,can:delete,comment                      |
|        | GET|HEAD  | comment/{comment}/edit | comment.edit    | AppHttpControllersCommentController@edit    | web,auth,can:update,comment                      |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+

除了

+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method    | URI                    | Name            | Action                                         | Middleware                                       |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
|        | POST      | comment                | comment.store   | AppHttpControllersCommentController@store   | web,auth,can:create,AppHttpControllersComment |
|        | GET|HEAD  | comment                | comment.index   | AppHttpControllersCommentController@index   | web,auth                                         |
|        | GET|HEAD  | comment/create         | comment.create  | AppHttpControllersCommentController@create  | web,auth,can:create,AppHttpControllersComment |
|        | GET|HEAD  | comment/{comment}      | comment.show    | AppHttpControllersCommentController@show    | web,auth                                         |
|        | PUT|PATCH | comment/{comment}      | comment.update  | AppHttpControllersCommentController@update  | web,auth,can:update,comment                      |
|        | DELETE    | comment/{comment}      | comment.destroy | AppHttpControllersCommentController@destroy | web,auth,can:delete,comment                      |
|        | GET|HEAD  | comment/{comment}/edit | comment.edit    | AppHttpControllersCommentController@edit    | web,auth,can:update,comment                      |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+

如您所见,中间件仅在使用except时应用于特定路由。

也许这是框架中的一个错误。但很难确认,因为这个选项似乎没有记录。甚至关于authorizeResource()方法的细节也不存在。

以上是关于'仅授权'资源的特定路径的主要内容,如果未能解决你的问题,请参考以下文章

仅具有客户端凭据的 Spring 安全端点(基本)

如何使用Matlab搜索特定后缀名的文件,把该文件所在的文件夹路径提取出来?

如何在片段着色器中进行自定义模板测试

nodejs常用代码片段

Operator '||' cannot be applied to operands of type 'bool?' and 'bool?'(代码片段

Operator '||' cannot be applied to operands of type 'bool?' and 'bool?'(代码片段