温馨提示:本文翻译自stackoverflow.com,查看原文请点击:laravel - How to allow nova resource action in Policy
laravel laravel-nova

laravel - 如何在政策中允许新星资源行动

发布于 2020-03-27 11:05:57

Nova 2.0 Laravel 5.8

我有一个nova资源Document(包含文件url,相关外键和title),我已经policy使用create定义了它并且updatefalse设置为true,所有其他资源都设置为true,因此PDF是从另一资源生成的,因此我不需要允许它创建或编辑的文件,现在一切正常,但是与action此文档资源上的另一个文件一样,我想下载这些文件,但出现错误“ Sorry you are not authorized to take this action”,因此,如何action启用它Policy

DocumentPolicy类

<?php

namespace App\Policies;

use App\User;
use App\Models\Document;
use Illuminate\Auth\Access\HandlesAuthorization;

class DocumentPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view any documents.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function viewAny(User $user)
    {
        return true;
    }

    /**
     * Determine whether the user can view the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function view(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can create documents.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        return false;
    }

    /**
     * Determine whether the user can update the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function update(User $user, Document $document)
    {
        return false;
    }

    /**
     * Determine whether the user can delete the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function delete(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can restore the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function restore(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can permanently delete the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function forceDelete(User $user, Document $document)
    {
        return true;
    }

    public function download(User $user, Document $document)
    {
        return true;
    }
}

查看更多

查看更多

提问者
Prafulla Kumar Sahu
被浏览
133
分享
Chin Leung 2019-07-08 22:04

收到错误的原因是因为您的update方法在策略中返回false。

默认情况下,如果更新为false,Nova将不允许该操作。要对此进行测试,您可以尝试将其设置为true并再次进行测试。

要解决此问题,您必须更改注册操作的方式,以添加自定义回调来处理用户是否可以运行该操作,如下所示:

public function actions(Request $request)
{
    return [
        (new DownloadDocument)->canRun(function ($request, $document) {
            return $request->user()->can('download', $document);
        }),
    ];
}

这样,它将检查download文档策略中的update方法,而不是操作方法。

有关更多信息:https : //nova.laravel.com/docs/2.0/actions/registering-actions.html#authorizing-actions-per-resource

Prafulla Kumar Sahu 2019-07-08 22:00:12

我知道,但是在生成这些文档时我不希望对其进行编辑,因此我在此处返回false,并希望允许采取措施来下载它。

Chin Leung 2019-07-08 22:03:23

@PrafullaKumarSahu是的,我知道。我写的答案是使用updateset false

Prafulla Kumar Sahu 2019-07-08 22:04:40

似乎是这样,让我尝试与您联系,非常感谢您的努力🙂

相关问题

1
在Laravel中输入文字时如何附加?
2
我如何从数据透视表中获取“值”字段(产品为“值”)?
3
如何将 Postman 用于Laravel $ _POST请求
4
如何在Laravel中创建像波纹管这样的联接表
5
在laravel使用join和按月计数嵌套选择
6
将视图变量传递给Laravel 8中的随附布局模板
7
php artisan make:auth命令未定义
8
无效会话未注销
9
全新安装的laravel上没有vue组件
10
为什么用curl读取数据我得到字符串值?

热门github

1
Build Real-Time Knowledge Graphs for AI Agents
2
21 Lessons, Get Started Building with Generative AI 🔗 https://microsoft.github.io/generative-ai-for-beginners/ (翻译:12 节课程,开始使用生成式 AI 进行构建)
3
AI-powered multi-agent builder
4
Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions (翻译:包含Linux、Jenkins、AWS、SRE、Prometheus、Docker、Python、Ansible、Git、Kubernetes、Terraform、OpenStack、SQL、NoSQL、Azure、GCP、DNS、弹性、网络、虚拟化等DevOps 面试问题)
5
#1 Locally hosted web application that allows you to perform various operations on PDF files
6
Burn is a next generation Deep Learning Framework that doesn't compromise on flexibility, efficiency and portability.
7
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. (翻译:这个存储库是我每天在工作中使用的各种材料和工具的集合。)
8
ChatGPT DAN, Jailbreaks prompt
9
Master programming by recreating your favorite technologies from scratch. (翻译:在这个项目中,你能学会如何创造自己的各种工具,引擎,游戏,框架,库......)
10
Agent S: an open agentic framework that uses computers like a human
11
A GUI client for Windows, Linux and macOS, support Xray and sing-box and others (翻译:一个 V2Ray 的 Windows 客户端,支持 Xray 核心和 v2fly 核心)
12
Lightning-fast and Powerful Code Editor written in Rust (翻译:使用Rust编写的快速、强大的代码编辑器)
13
Claude can perform Web Search | Exa with MCP (Model Context Protocol)
14
Your AI second brain. Self-hostable. Get answers from the web or your docs. Build custom agents, schedule automations, do deep research. Turn any online or local LLM into your personal, autonomous AI (gpt, claude, gemini, llama, qwen, mistral). Get started - free.
15
AeroSpace is an i3-like tiling window manager for macOS