个人中心
gpt4 book ai didi

php - 仅“授权”资源的特定路由

转载 作者:行者123 更新时间:2023-12-04 15:57:37 24 4
gpt4 key购买 nike

有这个方法authorizeResource()它将特定策略应用于所有路由(索引路由除外)。有没有办法仅在特定路由上应用策略,类似于此功能:

Route::resource('photo', 'PhotoController', ['only' => [
    'index', 'show'
]]);

最佳答案

尽管@JeffPucket 在 his answer 中指出, only选项对我不起作用。我正在运行 Laravel 5.5 起作用的是逆逻辑:

public function __construct()
{
    $this->authorizeResource(Photo::class, null, [
        'except' => [ 'index', 'show' ],
    ]);
}

请注意,您应该将操作( Controller 的方法)传递给该选项 不要想要应用您的保单。在这种情况下, indexshow将绕过授权中间件。

只是为了比较,这里是 php artisan route:list 的结果使用每个选项时:

仅限 
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method    | URI                    | Name            | Action                                         | Middleware                                       |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
|        | POST      | comment                | comment.store   | App\Http\Controllers\CommentController@store   | web,auth,can:create,App\Http\Controllers\Comment |
|        | GET|HEAD  | comment                | comment.index   | App\Http\Controllers\CommentController@index   | web,auth,can:view,App\Http\Controllers\Comment   |
|        | GET|HEAD  | comment/create         | comment.create  | App\Http\Controllers\CommentController@create  | web,auth,can:create,App\Http\Controllers\Comment |
|        | GET|HEAD  | comment/{comment}      | comment.show    | App\Http\Controllers\CommentController@show    | web,auth,can:view,comment                        |
|        | PUT|PATCH | comment/{comment}      | comment.update  | App\Http\Controllers\CommentController@update  | web,auth,can:update,comment                      |
|        | DELETE    | comment/{comment}      | comment.destroy | App\Http\Controllers\CommentController@destroy | web,auth,can:delete,comment                      |
|        | GET|HEAD  | comment/{comment}/edit | comment.edit    | App\Http\Controllers\CommentController@edit    | web,auth,can:update,comment                      |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+

除了 
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method    | URI                    | Name            | Action                                         | Middleware                                       |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
|        | POST      | comment                | comment.store   | App\Http\Controllers\CommentController@store   | web,auth,can:create,App\Http\Controllers\Comment |
|        | GET|HEAD  | comment                | comment.index   | App\Http\Controllers\CommentController@index   | web,auth                                         |
|        | GET|HEAD  | comment/create         | comment.create  | App\Http\Controllers\CommentController@create  | web,auth,can:create,App\Http\Controllers\Comment |
|        | GET|HEAD  | comment/{comment}      | comment.show    | App\Http\Controllers\CommentController@show    | web,auth                                         |
|        | PUT|PATCH | comment/{comment}      | comment.update  | App\Http\Controllers\CommentController@update  | web,auth,can:update,comment                      |
|        | DELETE    | comment/{comment}      | comment.destroy | App\Http\Controllers\CommentController@destroy | web,auth,can:delete,comment                      |
|        | GET|HEAD  | comment/{comment}/edit | comment.edit    | App\Http\Controllers\CommentController@edit    | web,auth,can:update,comment                      |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+

如上所示,中间件仅在使用 except 时应用于特定路由.

也许这是框架中的一个错误。但很难确认这一点,因为这个选项似乎没有记录在案。甚至详细信息 authorizeResource()方法不存在。

关于php - 仅“授权”资源的特定路由,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44524073/

24 4 0
文章推荐: oauth-2.0 - 使用 Google+ 登录时允许多个帐户
文章推荐: angularjs - 如何使用 Bower 升级到最新的 Angular 1.3 beta 版本?
文章推荐: api - 从 Gitlab API 获取 MR 相关数据
文章推荐: excel - SendKeys 并不总是有效
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com