Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controll

Posted

技术标签:

【中文标题】Laravel (7) Resource Policies don\'t work with CamelCase, get a 403 for view policy (show in controller)【英文标题】:Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controller)Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controller) 【发布时间】:2020-10-12 12:17:25 【问题描述】:

这里有两个例子,第一个用于 ResourceController(返回 200 - ok),第二个用于 ResourceLogsController(返回 403 - 未授权)

api.php

// RESOURCES
Route::apiResource('resources','Api\ResourceController');

// RESOURCELOGS
Route::apiResource('resourcelogs','Api\ResourceLogController');

AuthServiceProvider:

use App\Policies\ResourcePolicy;
use App\Policies\ResourceLogPolicy;

// ...

    protected $policies = [
        Resource::class => ResourcePolicy::class,
        ResourceLog::class => ResourceLogPolicy::class
    ];

资源控制器:

    public function __construct()
    
      $this->middleware('auth:api');
      $this->authorizeResource(Resource::class, 'resource');
    

    public function index(Resource $resource)
    
      dd('authorization ok');
    

    public function show(Resource $resource)
    
      dd('authorization ok');
    

资源日志控制器:

    public function __construct()
    
      $this->middleware('auth:api');
      $this->authorizeResource(ResourceLog::class, 'resourcelog');
    

    public function index(ResourceLog $resourceLog)
    
      dd('authorization ok');
    

    public function show(ResourceLog $resourceLog)
    
      dd('no authorization here');
    

ResourcePolicies:只返回一个简单的 true 作为测试

class ResourcePolicy

    use HandlesAuthorization;

    public function viewAny(User $user)
    
        return true;
    

    public function view(User $user, Resource $resource)
    
        return true;
    

ResourceLogPolicies:只返回一个简单的 true 作为测试


class ResourceLogPolicy

    use HandlesAuthorization;

    public function viewAny(User $user)
    
        return true;
    

    public function view(User $user, ResourceLog $resourceLog)
    
        return true;
    

我尝试将 $this->authorizeLogResource 中的第二个参数更改为小写、chamelcase 等。

$this->authorizeResource(ResourceLog::class, 'resourcelog'); $this->authorizeResource(ResourceLog::class, 'App\ResourceLog'); // = 函数 App\Policies\ResourceLogPolicy::view() 的参数太少,通过了 1 个

我确实在中间件下看到了资源而不是资源日志...

【问题讨论】:

我认为这是一个错误,我将现有的工作资源控制器从 RuleController 更改为 AccessRightController,包括依赖项,并且出现了相同的 403 【参考方案1】:

taylorotwell 本人的帮助下回答:

在路由器中:

Route::apiResource('resourceLogs','Api\ResourceLogController');

控制器:

public function __construct()

  $this->middleware('auth:api');
  $this->authorizeResource(ResourceLog::class, 'resourceLog'); 

方法:

public function show(ResourceLog $resourceLog)

return new ResourceLogResource($resourceLog);

'resourceLogs' in Route 和 authorizeResource + $resourceLog (!) 需要有相同的大小写。

【讨论】:

以上是关于Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controll的主要内容,如果未能解决你的问题,请参考以下文章

Laravel 7 - 嵌套资源路由中的范围问题

Laravel 7 发布联系表给我错误 419

Laravel 5.6 附加 Route::resource() 参数

Laravel - Route::resource 与 Route::controller

laravel 博客(resource)

LARAVEL - 使用 Route::resource 生成路由时无法使用销毁路由