質問編集履歴
3
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -238,6 +238,10 @@
|
|
|
238
238
|
|
|
239
239
|
policyを利用しようとしましたが、自分の理解が浅くうまく実装できていません。
|
|
240
240
|
|
|
241
|
+
エラーはとくにでず、
|
|
242
|
+
|
|
243
|
+
ログインしたユーザーが他の人が投稿した記事を編集できる状況になっています。
|
|
244
|
+
|
|
241
245
|
```php
|
|
242
246
|
|
|
243
247
|
|
2
試したことの修正
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -236,13 +236,401 @@
|
|
|
236
236
|
|
|
237
237
|
### 試したこと
|
|
238
238
|
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
239
|
+
policyを利用しようとしましたが、自分の理解が浅くうまく実装できていません。
|
|
240
|
+
|
|
241
|
+
```php
|
|
242
|
+
|
|
243
|
+
|
|
244
|
+
|
|
245
|
+
sample/src/app/Policies/PostPolicy.php
|
|
246
|
+
|
|
247
|
+
<?php
|
|
248
|
+
|
|
249
|
+
|
|
250
|
+
|
|
251
|
+
namespace App\Policies;
|
|
252
|
+
|
|
253
|
+
|
|
254
|
+
|
|
255
|
+
use App\Post;
|
|
256
|
+
|
|
257
|
+
use App\User;
|
|
258
|
+
|
|
259
|
+
use Illuminate\Auth\Access\HandlesAuthorization;
|
|
260
|
+
|
|
261
|
+
|
|
262
|
+
|
|
263
|
+
class PostPolicy
|
|
264
|
+
|
|
265
|
+
{
|
|
266
|
+
|
|
267
|
+
use HandlesAuthorization;
|
|
268
|
+
|
|
269
|
+
|
|
270
|
+
|
|
271
|
+
/**
|
|
272
|
+
|
|
273
|
+
* Determine whether the user can view any posts.
|
|
274
|
+
|
|
275
|
+
*
|
|
276
|
+
|
|
277
|
+
* @param \App\User $user
|
|
278
|
+
|
|
279
|
+
* @return mixed
|
|
280
|
+
|
|
281
|
+
*/
|
|
282
|
+
|
|
283
|
+
public function viewAny(User $user)
|
|
284
|
+
|
|
285
|
+
{
|
|
286
|
+
|
|
287
|
+
//
|
|
288
|
+
|
|
289
|
+
}
|
|
290
|
+
|
|
291
|
+
|
|
292
|
+
|
|
293
|
+
/**
|
|
294
|
+
|
|
295
|
+
* Determine whether the user can view the post.
|
|
296
|
+
|
|
297
|
+
*
|
|
298
|
+
|
|
299
|
+
* @param \App\User $user
|
|
300
|
+
|
|
301
|
+
* @param \App\Post $post
|
|
302
|
+
|
|
303
|
+
* @return mixed
|
|
304
|
+
|
|
305
|
+
*/
|
|
306
|
+
|
|
307
|
+
public function view(User $user, Post $post)
|
|
308
|
+
|
|
309
|
+
{
|
|
310
|
+
|
|
311
|
+
//
|
|
312
|
+
|
|
313
|
+
}
|
|
314
|
+
|
|
315
|
+
|
|
316
|
+
|
|
317
|
+
/**
|
|
318
|
+
|
|
319
|
+
* Determine whether the user can create posts.
|
|
320
|
+
|
|
321
|
+
*
|
|
322
|
+
|
|
323
|
+
* @param \App\User $user
|
|
324
|
+
|
|
325
|
+
* @return mixed
|
|
326
|
+
|
|
327
|
+
*/
|
|
328
|
+
|
|
329
|
+
public function edit(Post $post)
|
|
330
|
+
|
|
331
|
+
{
|
|
332
|
+
|
|
333
|
+
if (!(\Auth::user()->can('admin') || \Auth::user()->id == $post->user_id)) {
|
|
334
|
+
|
|
335
|
+
abort(403);
|
|
336
|
+
|
|
337
|
+
}
|
|
338
|
+
|
|
339
|
+
|
|
340
|
+
|
|
341
|
+
/**
|
|
342
|
+
|
|
343
|
+
* Determine whether the user can update the post.
|
|
344
|
+
|
|
345
|
+
*
|
|
346
|
+
|
|
347
|
+
* @param \App\User $user
|
|
348
|
+
|
|
349
|
+
* @param \App\Post $post
|
|
350
|
+
|
|
351
|
+
* @return mixed
|
|
352
|
+
|
|
353
|
+
*/
|
|
354
|
+
|
|
355
|
+
public function update(User $user, Post $post)
|
|
356
|
+
|
|
357
|
+
{
|
|
358
|
+
|
|
359
|
+
if (!(\Auth::user()->can('admin') || \Auth::user()->id == $post->user_id)) {
|
|
360
|
+
|
|
361
|
+
abort(403);
|
|
362
|
+
|
|
363
|
+
}
|
|
364
|
+
|
|
365
|
+
|
|
366
|
+
|
|
367
|
+
```
|
|
368
|
+
|
|
369
|
+
|
|
370
|
+
|
|
371
|
+
|
|
372
|
+
|
|
373
|
+
```php
|
|
374
|
+
|
|
375
|
+
|
|
376
|
+
|
|
377
|
+
sample/src/app/Providers/AuthServiceProvider.php
|
|
378
|
+
|
|
379
|
+
|
|
380
|
+
|
|
381
|
+
<?php
|
|
382
|
+
|
|
383
|
+
|
|
384
|
+
|
|
385
|
+
namespace App\Providers;
|
|
386
|
+
|
|
387
|
+
|
|
388
|
+
|
|
389
|
+
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
|
390
|
+
|
|
391
|
+
use Illuminate\Support\Facades\Gate;
|
|
392
|
+
|
|
393
|
+
|
|
394
|
+
|
|
395
|
+
class AuthServiceProvider extends ServiceProvider
|
|
396
|
+
|
|
397
|
+
{
|
|
398
|
+
|
|
399
|
+
/**
|
|
400
|
+
|
|
401
|
+
* The policy mappings for the application.
|
|
402
|
+
|
|
403
|
+
*
|
|
404
|
+
|
|
405
|
+
* @var array
|
|
406
|
+
|
|
407
|
+
*/
|
|
408
|
+
|
|
409
|
+
protected $policies = [
|
|
410
|
+
|
|
411
|
+
Post::class => PostPolicy::class,
|
|
412
|
+
|
|
413
|
+
];
|
|
414
|
+
|
|
415
|
+
|
|
416
|
+
|
|
417
|
+
/**
|
|
418
|
+
|
|
419
|
+
* Register any authentication / authorization services.
|
|
420
|
+
|
|
421
|
+
*
|
|
422
|
+
|
|
423
|
+
* @return void
|
|
424
|
+
|
|
425
|
+
*/
|
|
426
|
+
|
|
427
|
+
public function boot()
|
|
428
|
+
|
|
429
|
+
{
|
|
430
|
+
|
|
431
|
+
|
|
432
|
+
|
|
433
|
+
$this->registerPolicies();
|
|
434
|
+
|
|
435
|
+
}
|
|
436
|
+
|
|
437
|
+
}
|
|
438
|
+
|
|
439
|
+
|
|
440
|
+
|
|
441
|
+
```
|
|
442
|
+
|
|
443
|
+
|
|
444
|
+
|
|
445
|
+
```php
|
|
446
|
+
|
|
447
|
+
sample/src/app/Http/Controllers/PostsController.php
|
|
448
|
+
|
|
449
|
+
|
|
450
|
+
|
|
451
|
+
<?php
|
|
452
|
+
|
|
453
|
+
|
|
454
|
+
|
|
455
|
+
namespace App\Http\Controllers;
|
|
456
|
+
|
|
457
|
+
|
|
458
|
+
|
|
459
|
+
use Illuminate\Http\Request;
|
|
460
|
+
|
|
461
|
+
use App\Post;
|
|
462
|
+
|
|
463
|
+
use App\Http\Requests\PostRequest;
|
|
464
|
+
|
|
465
|
+
use Illuminate\Support\Facades\Auth;
|
|
466
|
+
|
|
467
|
+
|
|
468
|
+
|
|
469
|
+
|
|
470
|
+
|
|
471
|
+
class PostsController extends Controller
|
|
472
|
+
|
|
473
|
+
{
|
|
474
|
+
|
|
475
|
+
public function __construct()
|
|
476
|
+
|
|
477
|
+
{
|
|
478
|
+
|
|
479
|
+
$this->middleware('auth')->except(['index', 'show']);
|
|
480
|
+
|
|
481
|
+
}
|
|
482
|
+
|
|
483
|
+
|
|
484
|
+
|
|
485
|
+
|
|
486
|
+
|
|
487
|
+
public function index()
|
|
488
|
+
|
|
489
|
+
{
|
|
490
|
+
|
|
491
|
+
$posts = Post::orderBy('created_at', 'desc')->paginate(10);
|
|
492
|
+
|
|
493
|
+
return view('bbs.index', ['posts' => $posts]);
|
|
494
|
+
|
|
495
|
+
}
|
|
496
|
+
|
|
497
|
+
|
|
498
|
+
|
|
499
|
+
public function show(Request $request, $id)
|
|
500
|
+
|
|
501
|
+
{
|
|
502
|
+
|
|
503
|
+
$post = Post::findOrFail($id);
|
|
504
|
+
|
|
505
|
+
|
|
506
|
+
|
|
507
|
+
return view('bbs.show', [
|
|
508
|
+
|
|
509
|
+
'post' => $post,
|
|
510
|
+
|
|
511
|
+
]);
|
|
512
|
+
|
|
513
|
+
}
|
|
514
|
+
|
|
515
|
+
|
|
516
|
+
|
|
517
|
+
public function create()
|
|
518
|
+
|
|
519
|
+
{
|
|
520
|
+
|
|
521
|
+
return view('bbs.create');
|
|
522
|
+
|
|
523
|
+
}
|
|
524
|
+
|
|
525
|
+
|
|
526
|
+
|
|
527
|
+
public function store(PostRequest $request)
|
|
528
|
+
|
|
529
|
+
{
|
|
530
|
+
|
|
531
|
+
$savedata = [
|
|
532
|
+
|
|
533
|
+
'name' => $request->name,
|
|
534
|
+
|
|
535
|
+
'subject' => $request->subject,
|
|
536
|
+
|
|
537
|
+
'message' => $request->message,
|
|
538
|
+
|
|
539
|
+
'user_id' => Auth::id(),
|
|
540
|
+
|
|
541
|
+
|
|
542
|
+
|
|
543
|
+
];
|
|
544
|
+
|
|
545
|
+
|
|
546
|
+
|
|
547
|
+
$post = new Post;
|
|
548
|
+
|
|
549
|
+
$post->fill($savedata)->save();
|
|
550
|
+
|
|
551
|
+
|
|
552
|
+
|
|
553
|
+
return redirect('/bbs')->with('poststatus', '新規投稿しました');
|
|
554
|
+
|
|
555
|
+
}
|
|
556
|
+
|
|
557
|
+
|
|
558
|
+
|
|
559
|
+
public function edit($post_id)
|
|
560
|
+
|
|
561
|
+
{
|
|
562
|
+
|
|
563
|
+
$post = Post::findOrFail($post_id);
|
|
564
|
+
|
|
565
|
+
return view('bbs.edit', ['post' => $post]);
|
|
566
|
+
|
|
567
|
+
}
|
|
568
|
+
|
|
569
|
+
|
|
570
|
+
|
|
571
|
+
public function update(PostRequest $request, Post $post)
|
|
572
|
+
|
|
573
|
+
{
|
|
574
|
+
|
|
575
|
+
$savedata = [
|
|
576
|
+
|
|
577
|
+
'name' => $request->name,
|
|
578
|
+
|
|
579
|
+
'subject' => $request->subject,
|
|
580
|
+
|
|
581
|
+
'message' => $request->message,
|
|
582
|
+
|
|
583
|
+
'user_id' => Auth::user()->id,
|
|
584
|
+
|
|
585
|
+
|
|
586
|
+
|
|
587
|
+
];
|
|
588
|
+
|
|
589
|
+
|
|
590
|
+
|
|
591
|
+
$post = new Post;
|
|
592
|
+
|
|
593
|
+
$post->fill($savedata)->save();
|
|
594
|
+
|
|
595
|
+
|
|
596
|
+
|
|
597
|
+
return redirect('/bbs')->with('poststatus', '投稿を編集しました');
|
|
598
|
+
|
|
599
|
+
}
|
|
600
|
+
|
|
601
|
+
|
|
602
|
+
|
|
603
|
+
|
|
604
|
+
|
|
605
|
+
public function destroy($id)
|
|
606
|
+
|
|
607
|
+
{
|
|
608
|
+
|
|
609
|
+
$post = Post::findOrFail($id); {
|
|
610
|
+
|
|
611
|
+
if (!(\Auth::user()->can('admin') || \Auth::user()->id == $post->user_id)) {
|
|
612
|
+
|
|
613
|
+
abort(403);
|
|
614
|
+
|
|
615
|
+
}
|
|
616
|
+
|
|
617
|
+
}
|
|
618
|
+
|
|
619
|
+
$post->comments()->delete();
|
|
620
|
+
|
|
621
|
+
$post->delete();
|
|
622
|
+
|
|
623
|
+
|
|
624
|
+
|
|
625
|
+
return redirect('/bbs')->with('poststatus', '投稿を削除しました');
|
|
626
|
+
|
|
627
|
+
}
|
|
628
|
+
|
|
629
|
+
}
|
|
630
|
+
|
|
631
|
+
|
|
632
|
+
|
|
633
|
+
```
|
|
246
634
|
|
|
247
635
|
### 補足情報(FW/ツールのバージョンなど)
|
|
248
636
|
|
1
ソースコードの編集
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -12,8 +12,6 @@
|
|
|
12
12
|
|
|
13
13
|
}
|
|
14
14
|
|
|
15
|
-
コード
|
|
16
|
-
|
|
17
15
|
```
|
|
18
16
|
|
|
19
17
|
アドバイスいただけると幸いです。
|