记录帖
一、授权
只允许管理员删除用户,给管理员授权时,可以这样做,首先:
创建UserPolicy类:
php artisan make:policy UserPolicy
然后在UserPolicy中添加destroy方法
app/policies/UserPolicy.php
<?php
namespace AppPolicies;
use AppModelUser;
use IlluminateAuthAccessHandlesAuthorization;
class UserPolicy
{
use HandlesAuthorization;public function destroy(User $currentUser, User $user)//$currentUser 为当前登录的用户,$user为需要验证的用户{
return $currentUser->is_admin && $currentUser->id !== $user->id;
}
}
然后在AuthServiceProvider里添加:
AppModelUser::class => AppPoliciesUserPolicy::class,
app/providers/AuthServiceProvider.php
<?php
namespace AppProviders;
use IlluminateSupportFacadesGate;
use IlluminateFoundationSupportProvidersAuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
protected $policies = [
'AppModel' => 'AppPoliciesModelPolicy',
AppModelUser::class => AppPoliciesUserPolicy::class,
];
}
最后,在控制器方法中调用即可:
public function destroy(User $user)
{
$this->authorize('destroy', $user);
$user->delete();
session()->flash('success', '成功删除用户!');
return back();
}