我做这样的门:
Gate::define('update-post', function ($user, Post $post) {
return $user->hasAccess(['update-post']) or $user->id == $post->user_id;
});
我检查了我的数据库,它有更新帖子访问权限,用户ID与帖子相同。但我得到了:
此操作未经授权。
错误。所以我在这里犯了一些错误吗?谢谢。
我开始使用Form Request类为data validation时使用类似的问题(例如使用php artisan make:request UpdateUserRequest
)。
如果您使用Form Request验证数据,那么首先,检查您是否正确设置了正确的规则以允许它通过。这是在返回authorize
的boolean
方法中处理的,默认情况下它的设置为false
:
namespace App\Http\Requests\Users;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Auth;
class UpdateUserRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
/**
* By default it returns false, change it to
* something like this if u are checking authentication
*/
return Auth::check(); // <------------------
/**
* You could also use something more granular, like
* a policy rule or an admin validation like this:
* return auth()->user()->isAdmin();
*/
}
public function rules()
{
// your validations...
}
}
确保在“authorize”方法上返回true
public function authorize()
{
return true;
}
<?php
namespace App\Modules\UserManagement\Request;
use Illuminate\Foundation\Http\FormRequest;
use Response;
class UserRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
public function rules()
{
$rules = [
'full_name' => 'required',
'email' => 'required|email',
'password' => 'required',
're_enter_password' => 'required'
];
return $rules;
}
}
就我而言,我没有在Gate::define(...)
做正确的检查
所以也许在该函数中仔细检查你的逻辑