用户授权policy

  • 定义策略类

php artisan make:policy PostPolicy

app/Policies/PostPolicy.php

    public function update(User $user,Post $post){
        return $user->id === $post->user_id;
    }

    public function delete(User $user,Post $post){
        return $user->id === $post->user_id;
    }
  • 注册策略类和模型关联

app/Providers/AuthServiceProvider.php

   protected $policies = [
//        'App\Model' => 'App\Policies\ModelPolicy',
        'App\Post'  => 'App\Policies\PostPolicy'
    ];

resources/views/post/show.blade.php

@can('update',$post)
 <!-- 编辑操作 -->
@endcan

@can('delete',$post)
<!-- 删除操作 -->
@endcan
  • 策略判断

$this->authorize('update',$post);

 

posted on 2018-11-29 13:50  爱吃柠檬不加糖  阅读(171)  评论(0编辑  收藏  举报

导航