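Introduction

In Laravel, policies organize the authorization logic that controls access to resources. For example, we can use a policy to decide whether the current user has permission to modify a post.

Generate a PostPolicy

```
$ php artisan make:policy PostPolicy
```

The generated App/Policies/PostPolicy.php is as follows

```php
    // Policy mapping and boot() as found in Laravel 5.1's App\Providers\AuthServiceProvider
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
        Post::class => PostPolicy::class,
    ];

    /**
     * Register any application authentication/authorization services.
     *
     * @param  \Illuminate\Contracts\Auth\Access\Gate  $gate
     * @return void
     */
    public function boot(GateContract $gate)
    {
        parent::registerPolicies($gate);

        //
    }
}
```

Define the change method

In App/Policies/PostPolicy.php, define the change method

```php
        // ...
        return $user->user()->id === $post->user_id;
    }
}
```

Notes:

1. Because multi-user authentication in Laravel 5.1 uses Kbwebs/MultiAuth, `user()` must be added after every `$user->`, including `Auth::`.

2. The official documentation writes it like this:

```php
public function update(User $user, Post $post)
{
    return $user->id === $post->user_id;
}
```

It type-hints the User and Post classes in the update method, but writing them actually produces an error. Leaving them out is correct.

3. To give the administrator all permissions, just add a before method in PostPolicy.php, as shown above.

/Home/BlogController.php

```php
namespace App\Http\Controllers\Home;

use Illuminate\Http\Request;
use App\Policies\PostPolicy;
use App\Http\Controllers\Controller;
use App\Repositories\BlogRepository;
use App\Repositories\UserRepository;

class BlogController extends Controller
{
    /**
     * Create the BlogRepository instance
     *
     * @var App\Repositories\BlogRepository
     */
    protected $blog_gestion;

    /**
     * Create a new BlogController instance.
     *
     * @param  App\Repositories\UserRepository  $user_gestion
     * @param  App\Repositories\BlogRepository  $blog_gestion
     * @return void
     */
    public function __construct(UserRepository $user_gestion, BlogRepository $blog_gestion)
    {
        $this->user_gestion = $user_gestion;
        $this->blog_gestion = $blog_gestion;

        $this->middleware('admin', ['only' => 'updateSeen']);
        $this->middleware('ajax', ['only' => ['updateSeen', 'updateActive']]);
    }

    /**
     * Update "active" for the specified resource in storage
     *
     * @param  Illuminate\Http\Request  $request
     * @param  int  $id
     * @return Response
     */
    public function updateActive(Request $request, $id)
    {
        $post = $this->blog_gestion->getById($id);

        // authorize checks whether the current user has permission to modify
        // this post; if not, it returns 403 Forbidden
        $this->authorize('change', $post);

        $this->blog_gestion->updateActive($request->all(), $id);

        return response()->json();
    }
}
```

Part of the code in App/Repositories/BlogRepository.php

```php
    /**
     * Update "active" in post
     *
     * @param  array  $data
     * @param  int  $id
     * @return void
     */
    public function updateActive($data, $id)
    {
        $post = $this->getById($id);

        $post->active = $data['active'] == 'true';

        $post->save();
    }
```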
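
The policy flow described above (a `before` hook for administrators plus the owner check behind `authorize('change', $post)`) can be modelled in plain PHP. This is an added example, not code from the original post and not Laravel's Gate implementation; the `is_admin` flag, the `authorizeStatus()` helper and the sample objects are assumptions made for illustration.

```php
<?php
// Added example: plain-PHP model of the policy flow, not Laravel's Gate code.
// The user/post shapes and the is_admin flag are assumptions.

class PostPolicy
{
    // Runs before any ability check; a non-null result decides the outcome.
    public function before($user, $ability)
    {
        if ($user->is_admin) {
            return true;
        }
        return null; // fall through to the specific ability method
    }

    // Only the author of the post may change it.
    public function change($user, $post)
    {
        // Cast both sides: database drivers may return ids as strings, and
        // === between int 7 and string "7" would deny the real owner.
        return (int) $user->id === (int) $post->user_id;
    }
}

// Hypothetical stand-in for $this->authorize(): returns the HTTP status.
function authorizeStatus($policy, $user, $ability, $resource)
{
    if ($user === null) {
        return 403; // unauthenticated requests are always denied
    }
    $decision = $policy->before($user, $ability);
    if ($decision === null) {
        $decision = method_exists($policy, $ability)
            ? $policy->$ability($user, $resource)
            : false; // unknown ability: deny by default
    }
    return $decision === true ? 200 : 403;
}

// Constructed sample data.
$policy = new PostPolicy();
$post   = (object) ['id' => 1, 'user_id' => '7']; // id stored as a string
$owner  = (object) ['id' => 7, 'is_admin' => false];
$other  = (object) ['id' => 8, 'is_admin' => false];
$admin  = (object) ['id' => 1, 'is_admin' => true];

$users = ['owner' => $owner, 'other' => $other, 'admin' => $admin, 'guest' => null];
foreach ($users as $name => $user) {
    printf("%-5s -> %d\n", $name, authorizeStatus($policy, $user, 'change', $post));
}
```

The check runs before the repository update, as in `updateActive` above, so a denied request never reaches `save()`.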
