laravel 授权、用户验证
记录帖
一、授权
只允许管理员删除用户,给管理员授权时,可以这样做,首先:
创建UserPolicy类:
php artisan make:policy UserPolicy
然后在UserPolicy中添加destroy方法
app/policies/UserPolicy.php
<?php
namespace App\Policies;
use App\Model\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class UserPolicy
{
use HandlesAuthorization;public function destroy(User $currentUser, User $user)//$currentUser 为当前登录的用户,$user为需要验证的用户{
return $currentUser->is_admin && $currentUser->id !== $user->id;
}
}
然后在AuthServiceProvider里添加:
\App\Model\User::class => \App\Policies\UserPolicy::class,
app/providers/AuthServiceProvider.php
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
\App\Model\User::class => \App\Policies\UserPolicy::class,
];
}
最后,在控制器方法中调用即可:
public function destroy(User $user)
{
$this->authorize('destroy', $user);
$user->delete();
session()->flash('success', '成功删除用户!');
return back();
}
记录点滴,迭代精进,追求新生。Email: 942298768@qq.com