laravel5.1 -- ACL(Access Control List) Policies篇

时间 2019-12-13

标签 laravel5.1 laravel acl access control list policies 繁體版

原文原文链接

Introduction

在laravel中，Policies提供了管理受权逻辑以便控制对资源的访问权限。例如，咱们能够利用poslicies来肯定当前的user是否有修改一篇文章的权限。php

生成一个`PostPolicy`

$ php artisan make:policy PostPlicy

生成的App/Policies/PostPolicy.php以下laravel

<?php

namespace App\Policies;

use Illuminate\Auth\Access\HandlesAuthorization;

class PostPolicy
{
    use HandlesAuthorization;

    /**
     * Create a new policy instance.
     *
     * @return void
     */
    public function __construct(){
    
    }
}

注册PostPolicy

将PostPolicy注册到App/Providers/AuthServiceProvider中,注意要加上注释的编号部分（I,II,III）git

<?php
// App/Providers/AuthServiceProvider.php

namespace App\Providers;

use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

use App\Http\Models\Post;     // I
use App\Policies\PostPolicy;  // II

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
        Post::class => PostPolicy::class,  // III
    ];

    /**
     * Register any application authentication / authorization services.
     *
     * @param  \Illuminate\Contracts\Auth\Access\Gate  $gate
     * @return void
     */
    public function boot(GateContract $gate)
    {
        parent::registerPolicies($gate);

        //
    }
}

定义`change`方法

在App/Policies/PostPolicy.php中，定义change方法github

<?php
// App/Policies/PostPolicy.php;

namespace App\Policies;

use App\Http\Models\User;
use App\Http\Models\Post;

use Illuminate\Auth\Access\HandlesAuthorization;

class PostPolicy
{
    use HandlesAuthorization;

    /**
     * Create a new policy instance.
     *
     * @return void
     */

    /**
    * Grant all abilities to administrator
    *
    * @param App\Http\Models\User $user
    * @param string $ability
    * @return bool
    */
    public function before($user, $ability){
        if(session('statut') === 'admin'){
            return true;
        }
    }

    /**
    * Determine if the given post can be changed by current user
    *
    * @param App\Http\Models\User $user
    * @param App\Http\Models\Post $post
    * @return bool
    */
    public function change($user, $post){  

        return $user->user()->id === $post->user_id;
    }
}

注意：
1.由于laravel5.1的多用户验证用的是Kbwebs/MultiAuth的,因此，在全部的$user->后面都要加上user(),包括Auth::。
2.官方文档中是这样写的web

public function update(User $user, Post $post)
    {
        return $user->id === $post->user_id;
    }

在update方法中写上了User和Post类，其实写上反而提示错误，不写是对的ajax

3.若是想给adminstrator全部的权限，只须要在PostPolicy.php中添加before方法
如上面所示json

控制器验证Policies

<?php
// App/Http/Controllers/Home/BlogController.php

namespace App\Http\Controllers\Home;

use Illuminate\Http\Request;

use App\Policies\PostPolicy;
use App\Http\Controllers\Controller;
use App\Repositories\BlogRepository;

     /**
    * Create BlogRepository instance
    *
    * @var App\Repositories\BlogRepository
    */
    protected $blog_gestion;

    /**
    * Create a new BlogController instance.
    *
    * @param App\Repositories\UserRepository $uesr_gestion
    * @param App\Repositories\BlogRepository $blog_gestion
    * @return void
    */
    public function __construct(UserRepository $user_gestion, BlogRepository $blog_gestion){
        $this->user_gestion = $user_gestion;
        $this->blog_gestion = $blog_gestion;

        $this->middleware('admin', ['only' => 'updateSeen']);
        $this->middleware('ajax', ['only'=> ['updateSeen', 'updateActive']]);
    }
    
    /**
    * Update "active" for the specified resource in storage
    *
    * @param Illuminate\Http\Request $request
    * @param int $id
    * @return Response
    */
    public function updateActive(Request $request, $id){
        
        $post = $this->blog_gestion->getById($id);

        // authorize验证当前用户是否有修改此文章的权限，若是没有，则返回403 Forbidden
        $this->authorize('change', $post);  

        $this->blog_gestion->updateActive($request->all(), $id);

        return response()->json();

    }

App/Repositories/BlogRepository.php中部分代码session

/**
    * Update "active" in a post
    * 
    * @param array $data
    * @param int $id
    * @return void
    */
    public function updateActive($data, $id){
        $post = $this->getById($id);

        $post->active = $data['active'] == 'true';

        $post->save();
    }

1. list control 【转】
2. ACL(Access Control List)
3. list control总结1
4. win32实现List Control
5. Cache Policies
6. Laravel5.1 表单验证
7. Istio Policies and Telemetry
8. HTTP之Cache-Control篇
9. Laravel5.1 控制器--Controller
10. Laravel5.1 事件--Event
更多相关文章...
• ASP.NET HtmlSelect Control - ASP.NET 教程
• Scala List(列表) - Scala教程
• 三篇文章了解 TiDB 技术内幕——说存储
• 再有人问你分布式事务，把这篇扔给他