class UsersController extends Controller
{
public function __construct()
{
$this->middleware('auth', [ 'only' => ['edit', 'update'] ]);
} . . .
}
$this->middleware()调用auth中间件的only方法限制edit,update动作。(auth中间件在app/http/middleware/Authenticate.php???不在吧)将auth修改成authg会导致
ReflectionException in Container.php line 741:
Class authg does not exist。
2、php artisan make:policy UserPolicy 在app/policies/生成UserPolicy.php限制用户权限政策文件。增加update方法
class UserPolicy
{
use HandlesAuthorization;
public function update(User $currentUser, User $user)
{
return $currentUser->id === $user->id; }
}
在app/providers/AuthServiceProvider将Model与Policy联系起来:
protected $policies = [ 'App\Model' => 'App\Policies\ModelPolicy', User::class => UserPolicy::class, ];
方便在UserContoller中通过$this->authorize(‘update’,$user)(该方法由UserContoller继承Controller包含的authorizesRequests特性携带,可以被用于快速授权一个指定的行为)调用
