【Question title】: Laravel - Using Gates on API requests for authorization
【Posted】: 2020-01-14 15:10:12
【Question】:

I have a Laravel app set up with roles and permissions using gates, and it works perfectly. For example, in the web routes file I have this, which works fine:

WEB.PHP

Route::resource('groups', 'SuperAdmin\GroupsController')->middleware('can:SEE-admin-dashboard');

However, when I try to apply the same middleware to an API request (from a Vue component) it doesn't work. I keep getting an Unauthorized message. Here are the two things I've tried..

API.PHP

Attempt 1 -

Route::post('group_times', 'TimesController@custom_groups_times')->middleware('can:SEE-admin-dashboard');

Attempt 2 -

Route::middleware('auth:api')->post('group_times', 'TimesController@custom_groups_times', function(Request $request) {
    return $request->user();
});

I get a 401 Unauthorized message:

I have set up an API token for each user as described in the Laravel docs, like this, but no such luck.

Am I missing something?


EDIT:

Here is the code from AuthServiceProvider.php

<?php

namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        // 'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();


        // Implicitly grant "Super Admin" role all permissions
        // This works in the app by using gate-related functions like auth()->user->can() and @can()
        Gate::before(function ($user, $ability){
            return $user->hasRole('Super Admin') ? true : null;
        });

        //Superadmin check
        Gate::define('isSuperAdmin', function($user){
            return $user->hasRole('Super Admin');
        });

        //PLT Student check
        Gate::define('isPLTStudent', function($user){
            return $user->hasRole('PLT Student');
        });

        //Student check
        Gate::define('isStudent', function($user){
            return $user->hasRole('Student');
        });

        //SEE Admin Panel
        Gate::define('SEE-admin-panel', function($user){
            return $user->hasAnyRoles(['PLT Student']);
        });

        //SEE Admin Dashboard
        Gate::define('SEE-admin-dashboard', function($user){
            return $user->hasAnyRoles(['PLT Student']);
        });

        //USERS PERMISSIONS

        //Overall
        Gate::define('USERS-manage-users', function($user){
            return $user->hasAnyRoles(['PLT Student']);
        });

        //Specific
        Gate::define('USERS-create-users', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('USERS-view-users', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('USERS-edit-users', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('USERS-delete-users', function($user){
            return $user->hasRole('PLT Student');
        });

        //RUNS PERMISSIONS

        //Overall
        Gate::define('RUNS-manage-runs', function($user){
            return $user->hasAnyRoles(['PLT Student']);
        });

        //Specific
        Gate::define('RUNS-create-runs', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('RUNS-view-runs', function($user){
            return $user->hasAnyRoles(['PLT Student', 'Student']);
        });
        Gate::define('RUNS-edit-runs', function($user){
            return $user->hasRole('PLT Student');
        });
        Gate::define('RUNS-delete-runs', function($user){
            return $user->hasRole('PLT Student');
        });

        //RUNTYPES PERMISSIONS

        //Overall
        // Note: the return is commented out, so this gate returns null and denies everyone
        Gate::define('RUNTYPES-manage', function($user){
            //return $user->hasAnyRoles(['PLT Student']);
        });

        //View
        Gate::define('RUNTYPES-view', function($user){
            return $user->hasAnyRoles(['PLT Student', 'Student']);
        });

        //GROUP PERMISSIONS

        //Overall
        // Note: the return is commented out, so this gate returns null and denies everyone
        Gate::define('GROUP-manage', function($user){
            //return $user->hasAnyRoles(['PLT Student']);
        });
    }

}

Vue axios:

//Get time data to populate table
getTimes(){
    axios.post('/api/group_times', {
        group_id: this.group_id,
        amount: 5,
        season_id: this.season_id
    })
    .then(response => {
        this.times = response.data;
    });
},

【Comments】:

  • Post your middleware code? And how are you sending the token?
  • I've added the code above - thinking about it - I'm not sending any token manually, I assumed Laravel handled this!

Tags: php laravel laravel-5 laravel-6 laravel-6.2


【Answer 1】:

The answer was staring me in the face - this is how I did it...

It worked!

Route::group(['middleware' => ['auth:api']], function () {
    Route::post('privacy_change', 'UsersController@privacy_change')->middleware('can:change_privacy');
});

Apparently it's because of some information I didn't know before... "Out of the box, the web middleware group is automatically applied to your routes/web.php file by the RouteServiceProvider."

It's working now! I just needed to wrap the API routes.

https://laracasts.com/discuss/channels/code-review/api-token-working-but-how-to-authorize-access-to-apis-by-rolespermissions
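Wrapping the route in auth:api matters for a second reason beyond checking the token: that middleware makes the api guard the request's default guard, so the can: middleware's gate resolves the user through it, whereas on an unwrapped routes/api.php route the gate consults the web guard, which has no session there, sees no user and denies. The feature test below is an added example (not code from the post) that pins that boundary down; it assumes group_times is registered inside the auth:api group with can:SEE-admin-dashboard, the default User factory, and a hypothetical roles() relation on User backed by a Role model keyed by `name` that hasRole()/hasAnyRoles() read from.

```php
<?php
// Added example: tests/Feature/GroupTimesAuthorizationTest.php
// Assumes routes/api.php contains:
//   Route::group(['middleware' => ['auth:api']], function () {
//       Route::post('group_times', 'TimesController@custom_groups_times')
//           ->middleware('can:SEE-admin-dashboard');
//   });
// and a hypothetical User::roles() relation / fillable Role::$name.
namespace Tests\Feature;

use App\Role;
use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class GroupTimesAuthorizationTest extends TestCase
{
    use RefreshDatabase;

    private $payload = ['group_id' => 1, 'amount' => 5, 'season_id' => 1];

    // No token at all: auth:api rejects the request before any gate runs (401).
    public function testGuestIsRejectedWith401()
    {
        $this->postJson('/api/group_times', $this->payload)->assertStatus(401);
    }

    // Authenticated through the api guard but lacking the required role:
    // auth:api passes, can:SEE-admin-dashboard denies (403).
    public function testAuthenticatedUserWithoutRoleGets403()
    {
        $user = factory(User::class)->create();

        $this->actingAs($user, 'api')
             ->postJson('/api/group_times', $this->payload)
             ->assertStatus(403);
    }

    // A user holding 'PLT Student' satisfies the gate and reaches the controller.
    public function testPltStudentIsAuthorized()
    {
        $user = factory(User::class)->create();
        $user->roles()->attach(Role::create(['name' => 'PLT Student']));

        $this->actingAs($user, 'api')
             ->postJson('/api/group_times', $this->payload)
             ->assertStatus(200);
    }
}
```

Running the first test against the unwrapped "Attempt 1" route would instead fail with a 403, which is the quickest way to see that the gate, not the token check, was rejecting the request there.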

【Discussion】:
