policy 策略中 destroy (User $user, Sentence $sentence),User 从哪里来的?

$this->authorize('destroy', $sentence);

destroy(User $user, Sentence $sentence)

User从哪里获取的

《L05 电商实战》
从零开发一个电商项目,功能包括电商后台、商品 & SKU 管理、购物车、订单管理、支付宝支付、微信支付、订单退款流程、优惠券等
《G01 Go 实战入门》
从零开始带你一步步开发一个 Go 博客项目,让你在最短的时间内学会使用 Go 进行编码。项目结构很大程度上参考了 Laravel。
讨论数量: 3
liyu001989

看一下 authorize 方法就明白了

6年前 评论

固定的写法,框架会自动注入当前登录用户的实例,就是那个$user代表当前登录用户

5年前 评论
  • \Illuminate\Auth\Access\Gate::raw方法:

        public function raw($ability, $arguments = [])
        {
            $arguments = Arr::wrap($arguments);
    
            $user = $this->resolveUser();
    
            // First we will call the "before" callbacks for the Gate. If any of these give
            // back a non-null response, we will immediately return that result in order
            // to let the developers override all checks for some authorization cases.
            $result = $this->callBeforeCallbacks(
                $user, $ability, $arguments
            );
    
            if (is_null($result)) {
                $result = $this->callAuthCallback($user, $ability, $arguments);
            }
    
            // After calling the authorization callback, we will call the "after" callbacks
            // that are registered with the Gate, which allows a developer to do logging
            // if that is required for this application. Then we'll return the result.
            return $this->callAfterCallbacks(
                $user, $ability, $arguments, $result
            );
        }
  • 可以看出 $user = $this->resolveUser(); 这句就取出了当前user, $this->callAuthCallback($user, $ability, $arguments); 这个就是调用回调函数,最终是在\Illuminate\Auth\Access\Gate::callPolicyMethod的$policy->{$method}($user, ...$arguments)这里调用的。看到第一个$user参数了吧,这就是框架注入的$user.

    /**
        * Call the appropriate method on the given policy.
        *
        * @param  mixed  $policy
        * @param  string  $method
        * @param  \Illuminate\Contracts\Auth\Authenticatable|null  $user
        * @param  array  $arguments
        * @return mixed
        */
        protected function callPolicyMethod($policy, $method, $user, array $arguments)
        {
            // If this first argument is a string, that means they are passing a class name
            // to the policy. We will remove the first argument from this argument array
            // because this policy already knows what type of models it can authorize.
            if (isset($arguments[0]) && is_string($arguments[0])) {
                array_shift($arguments);
            }
    
            if (! is_callable([$policy, $method])) {
                return null;
            }
    
            if ($this->canBeCalledWithUser($user, $policy, $method)) {
                return $policy->{$method}($user, ...$arguments); //就是这里
            }
        }
  • Trace如下:
        App\Policies\TopicPolicy->update()
        Illuminate\Auth\Access\Gate->callPolicyMethod()
        Illuminate\Auth\Access\Gate->callAuthCallback()
        Illuminate\Auth\Access\Gate->raw()
        Illuminate\Auth\Access\Gate->authorize()
        App\Http\Controllers\Api\TopicsController->authorize()
        App\Http\Controllers\Api\TopicsController->update()
5年前 评论

讨论应以学习和精进为目的。请勿发布不友善或者负能量的内容,与人为善,比聪明更重要!