laravel中的plicy授权方法:

1.用命令新建policy:

php artisan make:policy PostPolicy

  

2.在app/Policies/PostPolicy.php中添加处理文件的权限的方法:

//修改:
    public function update(User $user, Post $post)
    {
        return $user->id == $post->user_id;
    }
    //删除权限:
    public function delete(User $user, Post $post)
    {
        return $user->id == $post->user_id;
    }

  

控制器中,添加权限限制:

//更新文章:
    public function update(Post $post)
    {
        //验证:
        $this->validate(request(), [
            'title' => 'required|string|max:100|min:10',
            'content' => 'required|string|min:4'
        ]);
        $this->authorize('update', $post);
        //逻辑:
        $post->title = \request('title');
        $post->content = \request('content');
        $post->save();
        return redirect("/posts/{$post->id}");
    }

    //删除逻辑:
    public function delete(Post $post)
    {
        $this->authorize('delete', $post); 
    //TODD 用户的权限验证:
    $post->delete();
    return redirect("/posts");
  }

  

在视图中,对授权的使用:

<div style="display:inline-flex">
   <h2 class="blog-post-title">{{$post->title}}</h2>
   @can('update',$post)
        <a style="margin: auto" href="/posts/{{$post->id}}/edit">
          <span class="glyphicon glyphicon-pencil" aria-hidden="true"></span>
        </a>
   @endcan
   @can('delete',$post)
       <a style="margin: auto" href="{{url('/posts/'.$post->id.'/delete')}}">
         <span class="glyphicon glyphicon-remove" aria-hidden="true"></span>
       </a>
   @endcan
</div>

  

 

posted @ 2018-03-25 21:17  生如逆旅,一苇以航  阅读(314)  评论(0编辑  收藏  举报