jqh пре 5 година
c7ac6872a3

+ 6 - 19
src/Actions/HasActionHandler.php

@@ -4,11 +4,16 @@ namespace Dcat\Admin\Actions;
 
 use Dcat\Admin\Admin;
 use Dcat\Admin\Models\HasPermissions;
+use Dcat\Admin\Traits\HasAuthorization;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Database\Eloquent\Model;
 
 trait HasActionHandler
 {
+    use HasAuthorization {
+        failedAuthorization as parentFailedAuthorization;
+    }
+
     /**
      * @var Response
      */
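Review bot: With `passesAuthorization()` and `authorize()` moved out of this trait, the imports `Admin`, `HasPermissions`, `Authenticatable` and `Model` kept at the top of the hunk look like they were used only by the removed methods; unless the rest of the trait still references them, they should be dropped too, otherwise the file reads as if the authorization logic were still local. The alias `failedAuthorization as parentFailedAuthorization` implies that HasActionHandler keeps its own `failedAuthorization()` (outside this hunk, presumably the `@return Response` method further down), so a short comment on the `use` line would make the precedence explicit, e.g. `// the trait's abort(403) variant stays reachable as parentFailedAuthorization(); this trait's own failedAuthorization() returns a Response`.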
@@ -64,7 +69,7 @@ trait HasActionHandler
      */
     public function handlerRoute()
     {
-        return admin_url('_handle_action_');
+        return route('dcat.api.action');
     }
 
     /**
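Review bot: `route('dcat.api.action')` throws at render time when no route is registered under that name, whereas the previous `admin_url('_handle_action_')` only built a string; none of the files in this commit register `dcat.api.action` or `dcat.api.form`, so confirm the route definitions ship in the same release (the same applies to `prepareHandler()` in src/Widgets/Form.php). `route()` also yields an absolute URL by default, so any front-end code that treated `handlerRoute()` as a path relative to the admin prefix should be checked. `handlerRoute()` is fully inside the hunk.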
@@ -238,24 +243,6 @@ process.then({$this->resolverScript()}).catch({$this->rejectScript()});
 JS;
     }
 
-    /**
-     * @return bool
-     */
-    public function passesAuthorization()
-    {
-        return $this->authorize(Admin::user());
-    }
-
-    /**
-     * @param Model|Authenticatable|HasPermissions|null $user
-     *
-     * @return bool
-     */
-    protected function authorize($user): bool
-    {
-        return true;
-    }
-
     /**
      * @return Response
      */

+ 6 - 10
src/Controllers/HandleActionController.php

@@ -16,20 +16,16 @@ class HandleActionController
      */
     public function handle(Request $request)
     {
-        try {
-            $action = $this->resolveActionInstance($request);
+        $action = $this->resolveActionInstance($request);
 
-            $action->setKey($request->get('_key'));
+        $action->setKey($request->get('_key'));
 
-            if (! $action->passesAuthorization()) {
-                return $action->failedAuthorization();
-            }
-
-            $response = $action->handle($request);
-        } catch (\Throwable $exception) {
-            return Response::withException($exception)->send();
+        if (! $action->passesAuthorization()) {
+            return $action->failedAuthorization();
         }
 
+        $response = $action->handle($request);
+
         return $response instanceof Response ? $response->send() : $response;
     }
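Review bot: Dropping the `try`/`catch (\Throwable)` means any exception thrown by `resolveActionInstance()`, `setKey()` or `handle()` now reaches the framework's exception handler instead of being rendered through `Response::withException($exception)->send()`, so the action front-end, which presumably expects the action response envelope consumed by the resolver/reject scripts, will receive the framework's error page or JSON instead. If that translation now happens in middleware or the global handler, a one-line comment here pointing to it would help the next reader; otherwise consider keeping a narrow catch around `$action->handle($request)` only, `catch (\Throwable $exception) { return Response::withException($exception)->send(); }`, which leaves the authorization branch returning normally. Note that `resolveActionInstance()` and `setKey()` take request-controlled values (`_key`), so an exception-to-response mapping is also what keeps failed inputs from surfacing stack traces in debug configurations.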
 

+ 4 - 0
src/Controllers/HandleFormController.php

@@ -18,6 +18,10 @@ class HandleFormController
     {
         $form = $this->resolveForm($request);
 
+        if (! $form->passesAuthorization()) {
+            return $form->failedAuthorization();
+        }
+
         if ($errors = $form->validate($request)) {
             return $form->validationErrorsResponse($errors);
         }
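Review bot: `$form->failedAuthorization()` here comes from `HasAuthorization`, whose implementation calls `abort(403, __('admin.deny'))` and therefore never returns, so this `return` is effectively a throw: an ajax submission of the form gets the framework's 403 response rather than the form's own error format from `HasFormResponse`. If the widget front-end only understands the latter, `Form` should override `failedAuthorization()` to return a response in that format, as HasActionHandler evidently does via its `parentFailedAuthorization` alias. Checking authorization before `validate()` is the right order; the enclosing method's signature is above the hunk.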

+ 41 - 0
src/Traits/HasAuthorization.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace Dcat\Admin\Traits;
+
+use Dcat\Admin\Admin;
+use Dcat\Admin\Models\HasPermissions;
+use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Database\Eloquent\Model;
+
+trait HasAuthorization
+{
+    /**
+     * 验证权限.
+     *
+     * @return bool
+     */
+    public function passesAuthorization(): bool
+    {
+        return $this->authorize(Admin::user());
+    }
+
+    /**
+     * 是否有权限判断.
+     *
+     * @param Model|Authenticatable|HasPermissions|null $user
+     *
+     * @return bool
+     */
+    protected function authorize($user): bool
+    {
+        return true;
+    }
+
+    /**
+     * @return mixed
+     */
+    protected function failedAuthorization()
+    {
+        abort(403, __('admin.deny'));
+    }
+}
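Review bot: `authorize()` returns `true` unconditionally, so every action or form that does not override it is authorized for whatever `Admin::user()` yields, including `null` when no admin is logged in; that is a fail-open default and the docblock should state it, e.g. `Default grants access to everyone, including unauthenticated requests ($user === null); override in each action/form that must be restricted.` The `@param` already allows `null`, but it should say that `null` means "no authenticated admin" so overrides remember to handle it. `failedAuthorization()` is documented as `@return mixed` although `abort()` never returns; `@return never` (PHPStan/Psalm) or plain `void` describes the contract accurately and stops callers from relying on a value.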

+ 5 - 3
src/Widgets/Form.php

@@ -6,6 +6,7 @@ use Closure;
 use Dcat\Admin\Admin;
 use Dcat\Admin\Form\Field;
 use Dcat\Admin\Support\Helper;
+use Dcat\Admin\Traits\HasAuthorization;
 use Dcat\Admin\Traits\HasFormResponse;
 use Dcat\Admin\Traits\HasHtmlAttributes;
 use Illuminate\Contracts\Support\Arrayable;
@@ -76,6 +77,7 @@ class Form implements Renderable
 {
     use HasHtmlAttributes,
         HasFormResponse,
+        HasAuthorization,
         Macroable {
             __call as macroCall;
         }
@@ -624,11 +626,11 @@ JS
         }
     }
 
-    protected function prepareHandle()
+    protected function prepareHandler()
     {
         if (method_exists($this, 'handle')) {
             $this->method('POST');
-            $this->action(admin_url('_handle_form_'));
+            $this->action(route('dcat.api.form'));
             $this->hidden('_form_')->default(get_called_class());
             $this->hidden('_current_')->default($this->getCurrentUrl());
         }
@@ -643,7 +645,7 @@ JS
     {
         $this->prepareForm();
 
-        $this->prepareHandle();
+        $this->prepareHandler();
 
         if ($this->allowAjaxSubmit()) {
             $this->setupSubmitScript();