php - laravel 政策授权总是假的

Question

我试图让用户在 Laravel 5.5 中编辑他们自己的评论

AuthServiceProvider.php

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use App\Model\Review;
use App\Policies\ReviewPolicy;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
        Review::class => ReviewPolicy::class,
    ];

ReviewPolicy.php

public function update(User $user, Review $review)
{
    return $user->id == $review->user_id;
}

ReviewController.php

public function update(Request $request, Review $review ,int $id)
{
    $request->validate([
        'content' => 'required|min:250',
        'score' => 'numeric|min:0|max:10',
    ]);

    $this->authorize('update', $review);

    $reviewsSave = Review::find($id);
    $reviewsSave->content = $request->input('content');
    $reviewsSave->score = $request->input('score');
    $reviewsSave->save();

    return redirect(url()->current());

}

我不断得到

Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException 此操作未经授权。

实际上应该授权的时候

我可能遗漏了什么，但找不到。

Answer 1

问题是模型绑定(bind)不起作用，因为 $review 是空的。要使其正常工作，路线应如下所示:

Route::get('review/update/{review}/{id}', 'ReviewController@update');

或者，您可以手动获取评论:

public function update(Request $request, Review $review ,int $id)
{
    $request->validate([
        'content' => 'required|min:250',
        'score' => 'numeric|min:0|max:10',
    ]);

    $reviewsSave = Review::find($id);

    $this->authorize('update', $reviewsSave);

    $reviewsSave->content = $request->input('content');
    $reviewsSave->score = $request->input('score');
    $reviewsSave->save();

    return redirect(url()->current());
}