有这个方法authorizeResource()
它将特定策略应用于所有路由(索引路由除外)。有没有办法仅在特定路由上应用策略,类似于此功能:
Route::resource('photo', 'PhotoController', ['only' => [
'index', 'show'
]]);
最佳答案
尽管@JeffPucket 在 his answer 中指出, only
选项对我不起作用。我正在运行 Laravel 5.5 起作用的是逆逻辑:
public function __construct()
{
$this->authorizeResource(Photo::class, null, [
'except' => [ 'index', 'show' ],
]);
}
请注意,您应该将操作( Controller 的方法)传递给该选项 不要想要应用您的保单。在这种情况下,
index
和 show
将绕过授权中间件。只是为了比较,这里是
php artisan route:list
的结果使用每个选项时:仅限
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| | POST | comment | comment.store | App\Http\Controllers\CommentController@store | web,auth,can:create,App\Http\Controllers\Comment |
| | GET|HEAD | comment | comment.index | App\Http\Controllers\CommentController@index | web,auth,can:view,App\Http\Controllers\Comment |
| | GET|HEAD | comment/create | comment.create | App\Http\Controllers\CommentController@create | web,auth,can:create,App\Http\Controllers\Comment |
| | GET|HEAD | comment/{comment} | comment.show | App\Http\Controllers\CommentController@show | web,auth,can:view,comment |
| | PUT|PATCH | comment/{comment} | comment.update | App\Http\Controllers\CommentController@update | web,auth,can:update,comment |
| | DELETE | comment/{comment} | comment.destroy | App\Http\Controllers\CommentController@destroy | web,auth,can:delete,comment |
| | GET|HEAD | comment/{comment}/edit | comment.edit | App\Http\Controllers\CommentController@edit | web,auth,can:update,comment |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
除了
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| | POST | comment | comment.store | App\Http\Controllers\CommentController@store | web,auth,can:create,App\Http\Controllers\Comment |
| | GET|HEAD | comment | comment.index | App\Http\Controllers\CommentController@index | web,auth |
| | GET|HEAD | comment/create | comment.create | App\Http\Controllers\CommentController@create | web,auth,can:create,App\Http\Controllers\Comment |
| | GET|HEAD | comment/{comment} | comment.show | App\Http\Controllers\CommentController@show | web,auth |
| | PUT|PATCH | comment/{comment} | comment.update | App\Http\Controllers\CommentController@update | web,auth,can:update,comment |
| | DELETE | comment/{comment} | comment.destroy | App\Http\Controllers\CommentController@destroy | web,auth,can:delete,comment |
| | GET|HEAD | comment/{comment}/edit | comment.edit | App\Http\Controllers\CommentController@edit | web,auth,can:update,comment |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
如上所示,中间件仅在使用
except
时应用于特定路由.也许这是框架中的一个错误。但很难确认这一点,因为这个选项似乎没有记录在案。甚至详细信息
authorizeResource()
方法不存在。
关于php - 仅“授权”资源的特定路由,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44524073/