当前用户没有修改自己信息的权限?
UserPolicy.php
class UserPolicy
{
use HandlesAuthorization;
// /**
// * Create a new policy instance.
// *
// * @return void
// */
// public function __construct()
// {
// //
// }
public function update(User $currentUser, User $user)
{
return $currentUser->id === $user->id;
}
}
AuthServiceProvider.php
class AppServiceProvider extends ServiceProvider
{
// /**
// * Bootstrap any application services.
// *
// * @return void
// */
// public function boot()
// {
// //
// }
//
// /**
// * Register any application services.
// *
// * @return void
// */
// public function register()
// {
// //
// }
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies=[
'App\Model' => 'App\Policies\ModelPolicy',
\App\Models\User::class => \App\Policies\UserPolicy::class,
];
}
UsersController.php
public function edit(User $user)
{
$this->authorize('update', $user);
return view('users.edit',compact('user'));
}
public function update(user $user, Request $request)
{
$this->validate($request,[
'name'=>'required|unique:users|max:50',
'password'=>'nullable|confirmed|min:6'
]);
$this->authorize('update', $user);
$data=[];
$data['name']=$request->name;
if ($request->password){
$data['password']=bcrypt($request->password);
}
$user->update($data);
session()->flash('success','更新成功');
return redirect()->route('users.show', $user->id);
}
问题是在edit()和update()加上$this->authorize('update', $user);
后才发生的
推荐文章: