1.用命令新建policy:
php artisan make:policy PostPolicy
2.在app/Policies/PostPolicy.php中添加处理文件的权限的方法:
//修改:
public function update(User $user, Post $post)
{
return $user->id == $post->user_id;
}
//删除权限:
public function delete(User $user, Post $post)
{
return $user->id == $post->user_id;
}
控制器中,添加权限限制:
//更新文章:
public function update(Post $post)
{
//验证:
$this->validate(request(), [
'title' => 'required|string|max:100|min:10',
'content' => 'required|string|min:4'
]);
$this->authorize('update', $post);
//逻辑:
$post->title =
equest('title');
$post->content =
equest('content');
$post->save();
return redirect("/posts/{$post->id}");
}
//删除逻辑:
public function delete(Post $post)
{
$this->authorize('delete', $post);
//TODD 用户的权限验证:
$post->delete();
return redirect("/posts");
}
在视图中,对授权的使用:
<div style="display:inline-flex">
<h2 class="blog-post-title">{{$post->title}}</h2>
@can('update',$post)
<a style="margin: auto" href="/posts/{{$post->id}}/edit">
<span class="glyphicon glyphicon-pencil" aria-hidden="true"></span>
</a>
@endcan
@can('delete',$post)
<a style="margin: auto" href="{{url('/posts/'.$post->id.'/delete')}}">
<span class="glyphicon glyphicon-remove" aria-hidden="true"></span>
</a>
@endcan
</div>