我试图让用户在 Laravel 5.5 中编辑他们自己的评论
AuthServiceProvider.php
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use App\Model\Review;
use App\Policies\ReviewPolicy;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
Review::class => ReviewPolicy::class,
];
ReviewPolicy.php
public function update(User $user, Review $review)
{
return $user->id == $review->user_id;
}
ReviewController.php
public function update(Request $request, Review $review ,int $id)
{
$request->validate([
'content' => 'required|min:250',
'score' => 'numeric|min:0|max:10',
]);
$this->authorize('update', $review);
$reviewsSave = Review::find($id);
$reviewsSave->content = $request->input('content');
$reviewsSave->score = $request->input('score');
$reviewsSave->save();
return redirect(url()->current());
}
我不断得到
Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException 此操作未经授权。
实际上应该授权的时候
我可能遗漏了什么,但找不到。
最佳答案
问题是模型绑定(bind)不起作用,因为 $review
是空的。要使其正常工作,路线应如下所示:
Route::get('review/update/{review}/{id}', 'ReviewController@update');
或者,您可以手动获取评论:
public function update(Request $request, Review $review ,int $id)
{
$request->validate([
'content' => 'required|min:250',
'score' => 'numeric|min:0|max:10',
]);
$reviewsSave = Review::find($id);
$this->authorize('update', $reviewsSave);
$reviewsSave->content = $request->input('content');
$reviewsSave->score = $request->input('score');
$reviewsSave->save();
return redirect(url()->current());
}
关于php - laravel 政策授权总是假的,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48432594/