2017-07-26 64 views
0

假设我设置了以下警卫,并以求职者和招聘人员的身份登录。我如何检查特定登录用户的授权能力?默认会简单地将当前登录用户传递给策略,但是哪一个?Laravel 5.2 - 在多重身份验证应用程序中检查授权功能

卫兵:

return [ 


    'guards' => [ 
     'jobseeker' => [ 
      'driver' => 'session', 
      'provider' => 'users', 
     ], 

     'recruiter' => [ 
      'driver' => 'session', 
      'provider' => 'users', 
     ], 

    ], 


    'providers' => [ 
     'users' => [ 
      'driver' => 'eloquent', 
      'model' => App\User::class, 
     ], 
    ], 

] 

政策:

protected $policies = [ 
    Post::class => PostPolicy::class, 
]; 

行动:

public function update($id) 
{ 
    $post = Post::findOrFail($id); 

    if (Gate::denies('update-post', $post)) { 
     abort(403); 
    } 

    // Update Post... 
} 

回答

0

也许下面:

public function update($id) 
{ 

    // get the user to authorize 
    $user = auth()->guard('recruiter')->user(); 

    $post = Post::findOrFail($id); 

    // option one 
    if (Gate::denies('update-post', [$user, $post])) { 
     abort(403); 
    } 

    // option two 
    if (Gate::forUser($user)->denies('update-post', $post)) { 
     abort(403); 
    } 

    // option 3 
    if ($user->cannot('update-post', $post)) { 
     abort(403); 
    } 

    // Update Post... 
}