Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controll

Posted 2023-04-13

【中文标题】Laravel (7) Resource Policies don\'t work with CamelCase, get a 403 for view policy (show in controller)

【英文标题】：Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controller)Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controller)

【发布时间】：2020-10-12 12:17:25

【问题描述】：

这里有两个例子，第一个用于 ResourceController（返回 200 - ok），第二个用于 ResourceLogsController（返回 403 - 未授权）

api.php

// RESOURCES
Route::apiResource('resources','Api\ResourceController');

// RESOURCELOGS
Route::apiResource('resourcelogs','Api\ResourceLogController');

AuthServiceProvider：

use App\Policies\ResourcePolicy;
use App\Policies\ResourceLogPolicy;

// ...

    protected $policies = [
        Resource::class => ResourcePolicy::class,
        ResourceLog::class => ResourceLogPolicy::class
    ];

资源控制器：

    public function __construct()
    
      $this->middleware('auth:api');
      $this->authorizeResource(Resource::class, 'resource');
    

    public function index(Resource $resource)
    
      dd('authorization ok');
    

    public function show(Resource $resource)
    
      dd('authorization ok');
    

资源日志控制器：

    public function __construct()
    
      $this->middleware('auth:api');
      $this->authorizeResource(ResourceLog::class, 'resourcelog');
    

    public function index(ResourceLog $resourceLog)
    
      dd('authorization ok');
    

    public function show(ResourceLog $resourceLog)
    
      dd('no authorization here');
    

ResourcePolicies：只返回一个简单的 true 作为测试

class ResourcePolicy

    use HandlesAuthorization;

    public function viewAny(User $user)
    
        return true;
    

    public function view(User $user, Resource $resource)
    
        return true;
    

ResourceLogPolicies：只返回一个简单的 true 作为测试

class ResourceLogPolicy

    use HandlesAuthorization;

    public function viewAny(User $user)
    
        return true;
    

    public function view(User $user, ResourceLog $resourceLog)
    
        return true;
    

我尝试将 $this->authorizeLogResource 中的第二个参数更改为小写、chamelcase 等。

$this->authorizeResource(ResourceLog::class, 'resourcelog'); $this->authorizeResource(ResourceLog::class, 'App\ResourceLog'); // = 函数 App\Policies\ResourceLogPolicy::view() 的参数太少，通过了 1 个

我确实在中间件下看到了资源而不是资源日志...

【问题讨论】：

我认为这是一个错误，我将现有的工作资源控制器从 RuleController 更改为 AccessRightController，包括依赖项，并且出现了相同的 403

【参考方案1】：

在 taylorotwell 本人的帮助下回答：

在路由器中：

Route::apiResource('resourceLogs','Api\ResourceLogController');

控制器：

public function __construct()

  $this->middleware('auth:api');
  $this->authorizeResource(ResourceLog::class, 'resourceLog'); 

方法：

public function show(ResourceLog $resourceLog)

return new ResourceLogResource($resourceLog);

'resourceLogs' in Route 和 authorizeResource + $resourceLog (!) 需要有相同的大小写。