Laravel 5.2 - 在多重身份验证应用程序中检查授权功能
问题描述:
假设我设置了以下警卫,并以求职者和招聘人员的身份登录。我如何检查特定登录用户的授权能力?默认会简单地将当前登录用户传递给策略,但是哪一个?Laravel 5.2 - 在多重身份验证应用程序中检查授权功能
卫兵:
return [
'guards' => [
'jobseeker' => [
'driver' => 'session',
'provider' => 'users',
],
'recruiter' => [
'driver' => 'session',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
],
]
政策:
protected $policies = [
Post::class => PostPolicy::class,
];
行动:
public function update($id)
{
$post = Post::findOrFail($id);
if (Gate::denies('update-post', $post)) {
abort(403);
}
// Update Post...
}
答
也许下面:
public function update($id)
{
// get the user to authorize
$user = auth()->guard('recruiter')->user();
$post = Post::findOrFail($id);
// option one
if (Gate::denies('update-post', [$user, $post])) {
abort(403);
}
// option two
if (Gate::forUser($user)->denies('update-post', $post)) {
abort(403);
}
// option 3
if ($user->cannot('update-post', $post)) {
abort(403);
}
// Update Post...
}