我有一个使用门的角色和权限完美的 laravel 应用程序设置。例如,在网络路由文件中,我有这个效果很好:
WEB.PHP
Route::resource('groups', 'SuperAdmin\GroupsController')->middleware('can:SEE-admin-dashboard');
但是,当我尝试将相同的中间件应用于 API 请求(在 Vue 组件中)时,它将无法正常工作。我不断收到未经授权的消息。这是我尝试过的两件事..
API.PHP
尝试1-
Route::post('group_times', 'TimesController@custom_groups_times')->middleware('can:SEE-admin-dashboard');
尝试2-
Route::middleware('auth:api')->post('group_times', 'TimesController@custom_groups_times', function(Request $request) {
return $request->user();
});
我收到 401 未经授权的消息:
如 Laravel 文档中所述,我已经为每个用户设置了一个 API 令牌。像这样,但没有这样的运气。
我在这里错过了什么吗?
编辑:
这是来自 AuthServiceProvider.php 的代码
<?php
namespace App\Providers;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
use Laravel\Passport\Passport;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
// 'App\Model' => 'App\Policies\ModelPolicy',
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
Passport::routes();
// Implicitly grant "Super Admin" role all permissions
// This works in the app by using gate-related functions like auth()->user->can() and @can()
Gate::before(function ($user, $ability){
return $user->hasRole('Super Admin') ? true : null;
});
//Superadmin check
Gate::define('isSuperAdmin', function($user){
return $user->hasRole('Super Admin');
});
//PLT Student check
Gate::define('isPLTStudent', function($user){
return $user->hasRole('PLT Student');
});
//Student check
Gate::define('isStudent', function($user){
return $user->hasRole('Student');
});
//SEE Admin Panel
Gate::define('SEE-admin-panel', function($user){
return $user->hasAnyRoles(['PLT Student']);
});
//SEE Admin Dashboard
Gate::define('SEE-admin-dashboard', function($user){
return $user->hasAnyRoles(['PLT Student']);
});
//USERS PERMISSIONS
//Overall
Gate::define('USERS-manage-users', function($user){
return $user->hasAnyRoles(['PLT Student']);
});
//Specific
Gate::define('USERS-create-users', function($user){
return $user->hasRole('PLT Student');
});
Gate::define('USERS-view-users', function($user){
return $user->hasRole('PLT Student');
});
Gate::define('USERS-edit-users', function($user){
return $user->hasRole('PLT Student');
});
Gate::define('USERS-delete-users', function($user){
return $user->hasRole('PLT Student');
});
//RUNS PERMISSIONS
//Overall
Gate::define('RUNS-manage-runs', function($user){
return $user->hasAnyRoles(['PLT Student']);
});
//Specific
Gate::define('RUNS-create-runs', function($user){
return $user->hasRole('PLT Student');
});
Gate::define('RUNS-view-runs', function($user){
return $user->hasAnyRoles(['PLT Student', 'Student']);
});
Gate::define('RUNS-edit-runs', function($user){
return $user->hasRole('PLT Student');
});
Gate::define('RUNS-delete-runs', function($user){
return $user->hasRole('PLT Student');
});
Gate::define('RUNS-delete-runs', function($user){
return $user->hasRole('PLT Student');
});
//RUNTYPES PERMISSIONS
//Overall
Gate::define('RUNTYPES-manage', function($user){
//return $user->hasAnyRoles(['PLT Student']);
});
//Overall
Gate::define('RUNTYPES-view', function($user){
return $user->hasAnyRoles(['PLT Student', 'Student']);
});
//RUNTYPES PERMISSIONS
//Overall
Gate::define('GROUP-manage', function($user){
//return $user->hasAnyRoles(['PLT Student']);
});
}
}
Vue axios:
//Get time data to populate table
getTimes(){
axios.post('/api/group_times', {
group_id: this.group_id,
amount: 5,
season_id: this.season_id
})
.then(response => {
this.times = response.data;
}
);
},