1.用命令新建policy:
php artisan make:policy PostPolicy
2.在app/Policies/PostPolicy.php中添加处理文章权限的方法:
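/**
 * Decide whether the given user may update the given post.
 *
 * Only the post's author is allowed.
 *
 * @param  User  $user  the authenticated user making the request
 * @param  Post  $post  the post being modified
 * @return bool
 */
public function update(User $user, Post $post)
{
    return $this->isOwner($user, $post);
}

/**
 * Decide whether the given user may delete the given post.
 *
 * Only the post's author is allowed.
 *
 * @param  User  $user  the authenticated user making the request
 * @param  Post  $post  the post being deleted
 * @return bool
 */
public function delete(User $user, Post $post)
{
    return $this->isOwner($user, $post);
}

/**
 * Shared ownership check used by update() and delete().
 *
 * The original compared the two ids with loose `==`, which applies PHP type
 * juggling (null == 0 is true, and numeric strings are compared numerically).
 * An authorization decision should not depend on that, so a missing id is
 * rejected outright and the remaining values are compared strictly. Both
 * sides are cast to string because a database driver may return the foreign
 * key as a string while the model key is an int; a string comparison also
 * stays correct if the keys are not integers at all.
 *
 * @param  User  $user
 * @param  Post  $post
 * @return bool
 */
private function isOwner(User $user, Post $post)
{
    // A post without an owner, or a user without an id, never matches.
    if ($user->id === null || $post->user_id === null) {
        return false;
    }

    return (string) $user->id === (string) $post->user_id;
}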
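控制器中,添加权限限制(若所用的 Laravel 版本不支持 policy 自动发现,需先在 AuthServiceProvider 的 $policies 中注册 Post 与 PostPolicy 的对应关系,否则 authorize 会一律拒绝):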
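/**
 * Update a post's title and content.
 *
 * @param  Post  $post  the post resolved from the route
 * @return mixed        redirect to the updated post's page
 */
public function update(Post $post)
{
    // Authorize before validating, matching delete(): a caller who is not
    // allowed to edit this post is rejected without receiving validation
    // feedback about the submitted fields.
    $this->authorize('update', $post);

    // Validation:
    $this->validate(request(), [
        'title' => 'required|string|max:100|min:10',
        'content' => 'required|string|min:4',
    ]);

    // Logic: the original called an undefined `equest()` here; the helper
    // used everywhere else in this method is `request()`.
    $post->title = request('title');
    $post->content = request('content');
    $post->save();

    return redirect("/posts/{$post->id}");
}

/**
 * Delete a post.
 *
 * @param  Post  $post  the post resolved from the route
 * @return mixed        redirect to the post list
 */
public function delete(Post $post)
{
    // Permission check for the current user: the policy's delete() method
    // decides; authorize() aborts the request when it returns false.
    $this->authorize('delete', $post);

    $post->delete();

    return redirect("/posts");
}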
在视图中,对授权的使用:
{{--
    Post title with edit/delete icons.
    @can only decides whether a link is rendered; it is a display convenience.
    The enforcement point is the authorize() call in the controller, which
    must stay in place because the URLs can be requested directly.
--}}
<div style="display:inline-flex">
    <h2 class="blog-post-title">{{$post->title}}</h2>

    {{-- Edit icon: shown only when the policy's update() allows it. --}}
    @can('update',$post)
        <a style="margin: auto" href="/posts/{{$post->id}}/edit">
            <span class="glyphicon glyphicon-pencil" aria-hidden="true"></span>
        </a>
    @endcan

    {{--
        Delete icon: shown only when the policy's delete() allows it.
        NOTE(review): a plain link issues a GET request, and Laravel's CSRF
        check does not cover GET. A state-changing action such as delete is
        better submitted from a form that carries a CSRF token, with a
        matching non-GET route. The route definition is not shown here;
        confirm how /posts/{id}/delete is registered.
    --}}
    @can('delete',$post)
        <a style="margin: auto" href="{{url('/posts/'.$post->id.'/delete')}}">
            <span class="glyphicon glyphicon-remove" aria-hidden="true"></span>
        </a>
    @endcan
</div>