我正在尝试删除属于发帖用户的帖子,但出现此错误(顺便说一句,这是在网络日志中)
"/Applications/MAMP/htdocs/eli42/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php" line : 201 message : "This action is unauthorized." trace : [{,…},…]
我正在使用 laravel 5.5 policy不确定我这样做是否正确,我在 $protected policies
的 AuthServiceProvider 中注册了它Post::class => PostPolicy::class,
路线
Route::delete('auth/post/{id}', 'PostController@destroy');
PostPolicy.php
<?php
namespace App\Policies;
use App\User;
use App\Post;
use Illuminate\Auth\Access\HandlesAuthorization;
class PostPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view the post.
*
* @param \App\User $user
* @param \App\Post $post
* @return mixed
*/
public function view(User $user, Post $post)
{
//
}
/**
* Determine whether the user can create posts.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
//
}
/**
* Determine whether the user can update the post.
*
* @param \App\User $user
* @param \App\Post $post
* @return mixed
*/
public function update(User $user, Post $post)
{
//
}
/**
* Determine whether the user can delete the post.
*
* @param \App\User $user
* @param \App\Post $post
* @return mixed
*/
public function delete(User $user, Post $post)
{
//
return $user->id === $post->user_id;
}
PostController.php(此文件有更多代码,但我想突出显示删除功能)
<?php
namespace App\Http\Controllers;
use App\Post;
use App\User;
use App\Policies\TaskPolicy;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
class PostController extends Controller
{
public function destroy($id, Post $post)
{
$mypost = $this->authorize('delete',$post);
if($mypost){
Post::destroy($id);
}
}
}
Main.js 删除帖子
$scope.deletePost = function(post){
var index = $scope.myposts.indexOf(post);
if(index != -1){
$scope.myposts.splice(index, 1);
}
$http.delete('auth/post/' + post.id);
};
html
<button ng-click="deletePost(post)">x</button>
之前
之后
最佳答案
你不需要检索帖子,让 Laravel 为你做这件事。
将你的路线编辑成这样:
Route::delete('auth/post/{post}', 'PostController@destroy');
请注意,大括号之间的 post
将是分配给 Laravel 发现的帖子的变量名。如果没有找到帖子,Laravel 将返回 Not Found 404。
然后在你的 Controller 中,你必须告诉 Laravel 你期待一个通过路由的帖子:
方法签名将是这样的:destroy(Post $post)
。 $post
是您 route 的 {post}
。
最后,对于授权,你不会得到授权方法
返回的帖子。您将 Laravel 找到的 $post
传递给 authorize
方法。
这是完整的方法:
public function destroy(Post $post)
{
$this->authorize('delete', $post);
if ($post->delete()) {
return response()->json(['message' => 'deleted']);
};
return response()->json(['error' => 'something went wrong'], 400);
}
关于php - Laravel 操作未获得授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47319516/