Trotz wies darauf hin, durch @JeffPucket in his answer, die only
Option nicht für mich arbeiten. Ich bin mit Laravel 5.5 und was taten Arbeit war die inverse Logik:
public function __construct()
{
$this->authorizeResource(Photo::class, null, [
'except' => [ 'index', 'show' ],
]);
}
Beachten Sie, dass die Aktionen (Controller Methoden) zu dieser Option passieren sollten Sie nicht möchten, dass Ihre Politik anzuwenden. In diesem Fall umgehen index
und show
die Autorisierungs-Middleware.
Nur zum Vergleich, hier sind die Ergebnisse von php artisan route:list
wenn jede Option:
nur
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| | POST | comment | comment.store | App\Http\Controllers\[email protected] | web,auth,can:create,App\Http\Controllers\Comment |
| | GET|HEAD | comment | comment.index | App\Http\Controllers\[email protected] | web,auth,can:view,App\Http\Controllers\Comment |
| | GET|HEAD | comment/create | comment.create | App\Http\Controllers\[email protected] | web,auth,can:create,App\Http\Controllers\Comment |
| | GET|HEAD | comment/{comment} | comment.show | App\Http\Controllers\[email protected] | web,auth,can:view,comment |
| | PUT|PATCH | comment/{comment} | comment.update | App\Http\Controllers\[email protected] | web,auth,can:update,comment |
| | DELETE | comment/{comment} | comment.destroy | App\Http\Controllers\[email protected] | web,auth,can:delete,comment |
| | GET|HEAD | comment/{comment}/edit | comment.edit | App\Http\Controllers\[email protected] | web,auth,can:update,comment |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
außer
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
| | POST | comment | comment.store | App\Http\Controllers\[email protected] | web,auth,can:create,App\Http\Controllers\Comment |
| | GET|HEAD | comment | comment.index | App\Http\Controllers\[email protected]index | web,auth |
| | GET|HEAD | comment/create | comment.create | App\Http\Controllers\[email protected] | web,auth,can:create,App\Http\Controllers\Comment |
| | GET|HEAD | comment/{comment} | comment.show | App\Http\Controllers\[email protected] | web,auth |
| | PUT|PATCH | comment/{comment} | comment.update | App\Http\Controllers\[email protected] | web,auth,can:update,comment |
| | DELETE | comment/{comment} | comment.destroy | App\Http\Controllers\[email protected] | web,auth,can:delete,comment |
| | GET|HEAD | comment/{comment}/edit | comment.edit | App\Http\Controllers\[email protected] | web,auth,can:update,comment |
+--------+-----------+------------------------+-----------------+------------------------------------------------+--------------------------------------------------+
Wie Sie oben sehen können, die Middleware wird nur auf bestimmte Routen angewendet, wennverwendet wird.
Vielleicht ist dies ein Fehler im Framework. Aber es ist schwer zu bestätigen, da diese Option nicht dokumentiert zu sein scheint. Auch Details zu authorizeResource()
Methode sind nicht vorhanden.
Ich denke, Sie müssen Gates dafür verwenden (Schutz über Middleware) –