我试图在 Laravel 中创建一个 Gate。这个想法是检查 AzureAD 访问令牌上是否存在角色之一。
到目前为止我有这个
Gate::define('admin_cml', function () {
$roles = AzureUser::roles();
return in_array(config('app-roles.cml_admin'),$roles);
});
到目前为止,响应是“不在对象上下文中使用 $this”。
这是完整的代码
AuthServiceProvider -> 路径 app\Providers
<?php
namespace App\Providers;
use App\Models\AzureUser;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array<class-string, class-string>
*/
protected $policies = [
// 'App\Models\Model' => 'App\Policies\ModelPolicy',
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
Gate::define('admin_cml', function () {
$roles = AzureUser::roles();
return in_array(config('app-roles.cml_admin'),$roles);
});
}
}
AzureUser 模型-> 应用\模型
<?php
namespace App\Models;
use Laravel\Socialite\Facades\Socialite;
use Illuminate\Database\Eloquent\Model;
class AzureUser extends Model
{
protected $id_token;
protected $access_token;
protected $user;
public function __construct($access_token, $id_token)
{
$this->access_token = $access_token;
$this->id_token = $id_token;
$this->user = Socialite::driver('azure-oauth')->userFromToken($access_token);
}
public function get()
{
return $this->user;
}
public function roles()
{
$tokens = explode('.', $this->id_token);
return json_decode(static::urlsafeB64Decode($tokens[1]))->roles;
}
public static function urlsafeB64Decode($input)
{
$remainder = strlen($input) % 4;
if ($remainder) {
$padlen = 4 - $remainder;
$input .= str_repeat('=', $padlen);
}
return base64_decode(strtr($input, '-_', '+/'));
}
}
路线
<?php
use App\Http\Controllers\loginController;
use Illuminate\Support\Facades\Route;
use Laravel\Socialite\Facades\Socialite;
Route::get('/', function () {
if(Auth::check()){
return redirect()->route('app');
}
return view('welcome');
})->name('home');
Route::get('/app',function(){
return view('layouts.app');
})->name('app')->middleware('auth');
// user routes
Route::prefix('user')->group(function () {
Route::get('/login', [loginController::class,'login'])->name('login');
Route::get('/logout', [loginController::class,'logout'])->name('logout');
});
Route::group(['middelware'=>['auth'],'prefix'=>'adminmm','as'=>'adminmm.'],function () {
Route::get('/carros', function(){
return "carros";
})->name('carros');
Route::get('/companias', function(){
return "companias";
})->name('companias');
});
// Here is the error. When going to admincml/mecanicos is when the error is showing up
Route::group(['middelware'=>['auth'],'prefix'=>'admincml','as'=>'admincml.'],function () {
Route::get('/mecanicos', function(){
if (! Gate::allows('admin_cml')) {
abort(403);
}
return "mecanicos";
})->name('mecanicos');
});
任何想法为什么不检测模型?谢谢!