温馨提示:本文翻译自stackoverflow.com,查看原文请点击:laravel - How to allow nova resource action in Policy

laravel - 如何在政策中允许新星资源行动

发布于 2020-03-27 11:05:57

Nova 2.0 Laravel 5.8

我有一个nova资源Document(包含文件url,相关外键和title),我已经policy使用create定义了它并且updatefalse设置为true,所有其他资源都设置为true,因此PDF是从另一资源生成的,因此我不需要允许它创建或编辑的文件,现在一切正常,但是与action此文档资源上的另一个文件一样,我想下载这些文件,但出现错误“ Sorry you are not authorized to take this action”,因此,如何action启用它Policy

DocumentPolicy类

<?php

namespace App\Policies;

use App\User;
use App\Models\Document;
use Illuminate\Auth\Access\HandlesAuthorization;

class DocumentPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view any documents.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function viewAny(User $user)
    {
        return true;
    }

    /**
     * Determine whether the user can view the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function view(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can create documents.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        return false;
    }

    /**
     * Determine whether the user can update the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function update(User $user, Document $document)
    {
        return false;
    }

    /**
     * Determine whether the user can delete the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function delete(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can restore the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function restore(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can permanently delete the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function forceDelete(User $user, Document $document)
    {
        return true;
    }

    public function download(User $user, Document $document)
    {
        return true;
    }
}

查看更多

查看更多

提问者
Prafulla Kumar Sahu
被浏览
37
Chin Leung 2019-07-08 22:04

收到错误的原因是因为您的update方法在策略中返回false。

默认情况下,如果更新为false,Nova将不允许该操作。要对此进行测试,您可以尝试将其设置为true并再次进行测试。

要解决此问题,您必须更改注册操作的方式,以添加自定义回调来处理用户是否可以运行该操作,如下所示:

public function actions(Request $request)
{
    return [
        (new DownloadDocument)->canRun(function ($request, $document) {
            return $request->user()->can('download', $document);
        }),
    ];
}

这样,它将检查download文档策略中的update方法,而不是操作方法。

有关更多信息:https : //nova.laravel.com/docs/2.0/actions/registering-actions.html#authorizing-actions-per-resource

发布
问题

分享
好友

手机
浏览

扫码手机浏览