Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controll
Posted
技术标签:
【中文标题】Laravel (7) Resource Policies don\'t work with CamelCase, get a 403 for view policy (show in controller)【英文标题】:Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controller)Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controller) 【发布时间】:2020-10-12 12:17:25 【问题描述】:这里有两个例子,第一个用于 ResourceController(返回 200 - ok),第二个用于 ResourceLogsController(返回 403 - 未授权)
api.php
// RESOURCES
Route::apiResource('resources','Api\ResourceController');
// RESOURCELOGS
Route::apiResource('resourcelogs','Api\ResourceLogController');
AuthServiceProvider:
use App\Policies\ResourcePolicy;
use App\Policies\ResourceLogPolicy;
// ...
protected $policies = [
Resource::class => ResourcePolicy::class,
ResourceLog::class => ResourceLogPolicy::class
];
资源控制器:
public function __construct()
$this->middleware('auth:api');
$this->authorizeResource(Resource::class, 'resource');
public function index(Resource $resource)
dd('authorization ok');
public function show(Resource $resource)
dd('authorization ok');
资源日志控制器:
public function __construct()
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourcelog');
public function index(ResourceLog $resourceLog)
dd('authorization ok');
public function show(ResourceLog $resourceLog)
dd('no authorization here');
ResourcePolicies:只返回一个简单的 true 作为测试
class ResourcePolicy
use HandlesAuthorization;
public function viewAny(User $user)
return true;
public function view(User $user, Resource $resource)
return true;
ResourceLogPolicies:只返回一个简单的 true 作为测试
class ResourceLogPolicy
use HandlesAuthorization;
public function viewAny(User $user)
return true;
public function view(User $user, ResourceLog $resourceLog)
return true;
我尝试将 $this->authorizeLogResource 中的第二个参数更改为小写、chamelcase 等。
$this->authorizeResource(ResourceLog::class, 'resourcelog'); $this->authorizeResource(ResourceLog::class, 'App\ResourceLog'); // = 函数 App\Policies\ResourceLogPolicy::view() 的参数太少,通过了 1 个
我确实在中间件下看到了资源而不是资源日志...
【问题讨论】:
我认为这是一个错误,我将现有的工作资源控制器从 RuleController 更改为 AccessRightController,包括依赖项,并且出现了相同的 403 【参考方案1】:在 taylorotwell 本人的帮助下回答:
在路由器中:
Route::apiResource('resourceLogs','Api\ResourceLogController');
控制器:
public function __construct()
$this->middleware('auth:api');
$this->authorizeResource(ResourceLog::class, 'resourceLog');
方法:
public function show(ResourceLog $resourceLog)
return new ResourceLogResource($resourceLog);
'resourceLogs' in Route 和 authorizeResource + $resourceLog (!) 需要有相同的大小写。
【讨论】:
以上是关于Laravel (7) Resource Policies don't work with CamelCase, get a 403 for view policy (show in controll的主要内容,如果未能解决你的问题,请参考以下文章
Laravel 5.6 附加 Route::resource() 参数