【问题标题】:Spatie/Laravel-Permission mapping permissions with controller methodsSpatie/Laravel-Permission 使用控制器方法映射权限
【发布时间】:2018-07-05 06:24:32
【问题描述】:

有人知道将控制器方法映射到权限授权的方法吗?

假设我有 20 个控制器,有 index,store,showdelete 方法,我不想在这个控制器的每个方法中放入对应的权限,只是为了...干燥。

我想做的是尝试将权限映射到控制器操作。

一个例子是:

https://laravel.com/docs/5.5/authorization#writing-gates

Gate::resource('posts', 'PostPolicy');

这与手动定义以下门定义相同:

Gate::define('posts.view', 'PostPolicy@view');

Gate::define('posts.create', 'PostPolicy@create');

Gate::define('posts.update', 'PostPolicy@update');

Gate::define('posts.delete', 'PostPolicy@delete');

对我来说,这样的东西适合:

Permission::map('route', 'permission');
Permission::map('users.store', 'create-user');

甚至更好

Permission::mapResource('users', '????');

【问题讨论】:

    标签: php laravel laravel-authorization


    【解决方案1】:

    我为此创建了一个 Trait,如果您有更好的建议,请。

    namespace App\Traits;
    
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Request;
    use Illuminate\Support\Pluralizer;
    use Spatie\Permission\Exceptions\UnauthorizedException;
    
    trait Authorisation
    {
        private $permissions = [
            'index'   => 'view',
            'store'   => 'create',
            'show'    => 'view',
            'update'  => 'edit',
            'destroy' => 'delete'
        ];
    
        private $action;
    
        public function callAction($method, $parameters)
        {
    
            $permission = $this->getPermission($method);
    
            if(($permission && Auth::user()->can($permission)) || !$permission)
                return parent::callAction($method, $parameters);
    
            if(Request::ajax()) {
                return response()->json([
                    'response' => str_slug($permission.'_not_allowed', '_')
                ], 403);
            }
    
            throw UnauthorizedException::forPermissions([$permission]);
        }
    
        public function getPermission($method)
        {
            if(!$this->action = array_get($this->getPermissions(), $method)) return null;
    
            return  $this->routeName() ?  $this->actionRoute() : $this->action;
        }
    
        public function registerActionPermission($action, $permission) {
            $this->permissions[$action] = $permission;
        }
    
        private function actionRoute() {
            return Pluralizer::singular($this->action . '-' . $this->routeName());
        }
    
        private function routeName() {
            return explode('.', Request::route()->getName())[0];
        }
    
        private function getPermissions()
        {
            return $this->permissions;
        }
    }
    

    并在控制器中使用它:

    use Authorisation;
    

    如果想要对$permissions 中不存在的操作的自定义权限:

    $this->registerActionPermission('action_name', 'action-permission');
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2017-03-11
      • 1970-01-01
      • 1970-01-01
      • 2018-08-11
      • 1970-01-01
      • 2020-07-02
      • 2021-02-16
      • 2020-02-01
      相关资源
      最近更新 更多