I'm trying to make authorization using policy and middleware. I wrote a model called Absence, a Policy called RoutePolicy, registered it in AuthServiceProvider.
I wrote a route like this (I'm using Dingo / I suppose that if I've been using Route::get it would have been the same):
$dingoApi->get('absence/{user}','AbsenceController@index')->middleware('can:view,user');
It turns out that right policy is never called, it seems that Laravel isn't able to make the link with AbsencePolicy.
What is going wrong?
Here are the code excerpts of the relevant classes:
class AbsencePolicy
{
use HandlesAuthorization;
protected function authorize($User) {
return Auth::user() == $User.id;
}
/**
* Determine whether the user can view the absence.
*
* @param \App\User $user
* @param \App\Absence $absence
* @return mixed
*/
public function view(User $user, Absence $absence)
{
//
return authorize($User);
}
...
AuthServiceProvider
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
'App\Absence' => 'App\Policies\AbsencePolicy',
'App\User' => 'App\Policies\AbsencePolicy',
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
....
from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/2ih7ile
via IFTTT
Aucun commentaire:
Enregistrer un commentaire