php - 自定义 Spatie Laravel-权限异常消息

Question

我已添加 Saptie Laravel Permission Package在 Laravel 5.8 API 应用程序中。一切正常，当非管理员用户尝试访问管理员特定路由时，我会遇到异常。

但是默认异常呈现为 HTML 403 用户没有正确的角色。考虑到我在 API 应用程序中使用它，我想针对此类异常返回我自己的自定义消息。

我尝试检查 auth()->user()->hasRole('admin') 但仍然得到相同的默认异常页面。这是我的代码

路线

Route::post('products', 'ProductController@store')->middleware('role:super-admin|admin'); // create a new product

Controller 方法

if (auth()->user()->hasRole('admin')) {

    // create & store the product
    $product = Product::create($request->all())

    // return new product
    $responseMessage    = 'Successful operation';
    $responseStatus     = 200;
    $productResource    = new ProductResource($product);

    return response()->json([
        'responseMessage'   => $responseMessage,
        'responseStatus'    => $responseStatus,
        'product'           => $productResource
    ]);
} else {

    return response()->json([
        'responseMessage'   => 'You do not have required authorization.',
        'responseStatus'    => 403,
    ]);
}

为什么我的自定义消息没有显示？

Answer 1

因为你通过 role 中间件保护你的路由，所以 UnauthorizedException 将在你的 Controller 代码到达之前被抛出。

您可以做的是使用 laravel 异常处理程序 render 方法并检查异常类型并返回您自己的响应:

来自 docs :

The render method is responsible for converting a given exception into an HTTP response that should be sent back to the browser. By default, the exception is passed to the base class which generates a response for you. However, you are free to check the exception type or return your own custom response

app/Exceptions/Handler.php

use Spatie\Permission\Exceptions\UnauthorizedException;

public function render($request, Exception $exception)
{
    if ($exception instanceof UnauthorizedException) {
        return response()->json([
            'responseMessage' => 'You do not have required authorization.',
            'responseStatus'  => 403,
        ]);
    }

    return parent::render($request, $exception);
}