
認可 設定 laravel

認可について

ポリシーを登録する

→※AppServiceProvider.phpと間違いやすいので注意する

AuthServiceProvider.php
<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
//①↓useの宣言を追加(下記)
use App\Article;
use App\Policies\ArticlePolicy;


use App\Article;
use App\Policies\Articlepolicy;

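class AuthServiceProvider extends ServiceProvider
{
    /**
     * Model-to-policy mappings consulted by Gate, @can and $this->authorize().
     *
     * Keys are model class names, values are policy class names. The policy
     * class name must match the class/file created by
     * `php artisan make:policy ArticlePolicy` exactly, including case:
     * Composer's PSR-4 autoloader turns the name into a file path, which is
     * case-sensitive on Linux, so a lower-case `Articlepolicy` would not load
     * there and every check against Article would be denied.
     *
     * @var array
     */
    protected $policies = [
        // Placeholder shipped with the Laravel stub; it is only consulted for
        // App\Model instances and can be removed.
        'App\Model' => 'App\Policies\ModelPolicy',
        Article::class => ArticlePolicy::class,
    ];

    /**
     * Register the $policies mappings above with the Gate.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();
    }
}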

① Article、ArticlePolicyを使うためにはそれらをあらかじめ呼び出す必要がある。

use App\Article;
use App\Policies\ArticlePolicy;

を追加する（1回だけ書くこと。上の AuthServiceProvider.php の例では①の下に同じ use 文がもう一組（`use App\Article;` と `use App\Policies\Articlepolicy;`）残っているが、これは貼り付けの残骸で、同じ名前を二度 use すると PHP は「Cannot use App\Article as Article because the name is already in use」という致命的エラーになるので削除する）

② 元々書いてある

'App\Model' => 'App\Policies\ModelPolicy',

の下に

Article::class => Articlepolicy::class,

を追加する。ポリシー名は `php artisan make:policy ArticlePolicy` で作ったクラス名・ファイル名と大文字小文字まで一致させ、`ArticlePolicy::class` と書くこと。Composer の PSR-4 オートローダはクラス名をファイルパスに変換するため、Linux など大文字小文字を区別するファイルシステムでは `Articlepolicy` だとクラスが読み込めず、Article に対する認可がすべて拒否される。

ポリシーを作る

$ php artisan make:policy ArticlePolicy
ArticlePolicy.php
<?php

namespace App\Policies;

use App\User;
use App\Article;
use Illuminate\Auth\Access\HandlesAuthorization;

class ArticlePolicy
{
    use HandlesAuthorization;

    /**
     * Ownership rule shared by every ability in this policy.
     *
     * Strict comparison is deliberate: both ids must be the same PHP type.
     * If they ever differ in type (e.g. a string user_id), the check denies
     * rather than grants, i.e. it fails closed.
     *
     * @param  \App\User    $user
     * @param  \App\Article $article
     * @return bool
     */
    private function isOwner(User $user, Article $article)
    {
        return $user->id === $article->user_id;
    }

    /**
     * Only the article's author may edit it.
     *
     * With a non-nullable User parameter Laravel denies unauthenticated
     * requests before this method is reached.
     *
     * @param  \App\User    $user     the authenticated user
     * @param  \App\Article $article  the article being edited
     * @return bool
     */
    public function update(User $user, Article $article)
    {
        return $this->isOwner($user, $article);
    }

    /**
     * Only the article's author may delete it.
     *
     * @param  \App\User    $user     the authenticated user
     * @param  \App\Article $article  the article being deleted
     * @return bool
     */
    public function delete(User $user, Article $article)
    {
        return $this->isOwner($user, $article);
    }
}

いらないメソッドは消しておく。Policy にメソッドが無い ability は Laravel が拒否（deny）するので安全側に倒れるが、後述の authorizeResource() を使う場合は index/show/create に対応する viewAny・view・create が必要になる点に注意する。

view

{{-- UI gate only: @can hides the buttons, it does not protect the routes. --}}
{{-- The controller must call $this->authorize() for the same ability (showEdit/update do; the delete action is not shown in this article). --}}
{{-- Note: $articles holds a single Article here despite the plural name. --}}
@can('delete', $articles)
                {!! Form::open(['method' => 'DELETE', 'route' => ['delete', $articles->id]]) !!}
                {!! Form::submit('削除する', ['class'=>'btn btn-danger rounded-pill', 'onclick' => 'return deleteAlert();']) !!}
                @endcan
@can('update', $articles)
                    <a href="{{ action('ArticleController@showEdit', $articles->id) }}"
                       class="btn btn-success rounded-pill"> 編集する </a>
                @endcan

コントローラー

    /**
     * 投稿編集フォームを表示する
     * @param int $id
     * @return view
     */
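    /**
     * Show the edit form for an article.
     *
     * Authorization is enforced here and not only via @can in the view:
     * hiding a button is not access control.
     *
     * @param  int  $id  article primary key
     * @return \Illuminate\Contracts\View\View
     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException  404 when no article has this id
     * @throws \Illuminate\Auth\Access\AuthorizationException       403 when the user is not the author
     */
    public function showEdit($id)
    {
        // findOrFail: a missing id becomes a 404. find() would hand null to
        // authorize(), which is reported as a misleading 403 instead.
        $articles = Article::findOrFail($id);
        $this->authorize('update', $articles);

        // Only load the tag list once the caller is allowed to edit.
        $tags = Tag::all();

        return view('edit', compact('articles', 'tags'));
    }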

    /**
     * 新規記事編集機能
     * @param Request $request , int $id
     * @return Redirect 一覧ページ-メッセージ(記事更新完了)
     */
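    /**
     * Persist edits to an existing article.
     *
     * Lookup and authorization happen before the try block on purpose:
     * AuthorizationException and ModelNotFoundException both extend
     * \Exception, so inside it the catch below would turn a 403/404 into a
     * generic "update failed" redirect and hide the real cause from the
     * exception handler and its logs. Nothing is written in either case
     * (authorize() throws before any attribute is assigned); this changes
     * the response, not what gets saved.
     *
     * @param  Request  $request  validated by $this->validator() (defined elsewhere in the controller)
     * @param  int      $id       article primary key
     * @return \Illuminate\Http\RedirectResponse  index page with a success flash, or back() with an error flash
     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException  404 when no article has this id
     * @throws \Illuminate\Auth\Access\AuthorizationException       403 when the user is not the author
     */
    public function update(Request $request, $id)
    {
        $this->validator($request);

        $article = Article::findOrFail($id);
        $this->authorize('update', $article);

        try {
            // Assign the two editable columns explicitly instead of
            // mass-assigning request input, so user_id cannot be changed.
            $article->title = $request->input('title');
            $article->content = $request->input('content');
            $article->save();
            // NOTE(review): save() and sync() are not in one transaction;
            // a failing sync leaves the title/content change committed.
            $article->tags()->sync($request->input('tags'));
        } catch (\Exception $e) {
            return back()->with('msg_error', '記事更新に失敗しました')->withInput();
        }

        return redirect()->route('articles_index')->with('msg_success', '記事更新が完了しました');
    }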

どのメソッドにも $this->authorize('', ); と書くのは面倒くさい。
→authorizeResource() が使える。

    /**
     * Register the `can` middleware for every resource action of this
     * controller, mapping each action to the matching ArticlePolicy ability
     * and taking the model from the `article` route parameter.
     */
    public function __construct()
    {
        $this->authorizeResource(
            Article::class,
            'article'
        );
    }

しかし・・・（補足：authorizeResource() は `can` ミドルウェアに `'article'` という名前のルートパラメータを渡す。上のコントローラのように引数が `$id` で暗黙のモデルバインディングを使っていない場合、ポリシーには Article モデルではなく ID の文字列が渡り、判定は常に拒否になる（安全側には倒れるが動かない）。メソッド引数を `Article $article` にしてモデルバインディングを使うこと。）

注意すること

※ Laravel 6 以上で authorizeResource() を使うと index アクションは viewAny に対応付けられるため、Policy に viewAny が無いと一覧表示が拒否される。同様に show→view、create/store→create も対応付けられるので、これらのアクションを使うなら view・create もポリシーに実装する必要がある（update・delete は上で実装済み）。

ArticlePolicy.php
    /**
     * Allow any authenticated user to list articles (authorizeResource maps
     * the index action to this ability).
     *
     * With a non-nullable User parameter Laravel denies unauthenticated
     * requests before this method runs; declare it `?User $user` only if
     * guests should also be allowed to list.
     *
     * @param  \App\User  $user
     * @return bool
     */
    public function viewAny(User $user)
    {
        return true;
    }

そのため上記を追加する。この viewAny は常に true を返すので、認証済みユーザーならだれでも一覧を見られる設定になる（未ログインは、引数の User を nullable にしない限り Policy の手前で拒否される）。
