-
Laravel Version10.30.1 PHP Version8.2 Database Driver & VersionMysql 8.0 DescriptionHi. I have a basic resource controller and I want to apply policy to it. $this->authorize() works perfectly, but there are too many methods to apply this to each one. So I found a method called authorizeResource(). But is doesn't work. It seems to me that it is my fault, but by the way I can't find a mistake.. this works well for my Exam model, but on my ClassSchool model, this is only work for non model required route, when a parameter is required, this make me à 403 everytime Steps To ReproduceClassController : <?php
namespace App\Http\Controllers;
use App\Models\ClassSchool;
use App\Pipelines\FilterBySearch;
use Illuminate\Pipeline\Pipeline;
class ClassesController extends Controller
{
public function __construct(protected Pipeline $pipeline)
{
$this->authorizeResource(ClassSchool::class);
}
public function destroy(ClassSchool $classes)
{
$classes->delete();
return redirect()->back()->with('warning', __('classes.flash-warning'));
}
}ClassSchoolPolicy.php <?php
namespace App\Policies;
use App\Models\ClassSchool;
use App\Models\User;
class ClassSchoolPolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
return true;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, ClassSchool $class): bool
{
dd('work');
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
dd('work');
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, ClassSchool $classes): bool
{
dd('work');
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, $classes): bool
{
dd('delete');
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, ClassSchool $classes): bool
{
dd('work');
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, ClassSchool $classes): bool
{
dd('work');
}
}
route.: Route::resource('class_school', \App\Http\Controllers\ClassesController::class);AuthServiceProvider protected $policies = [
Exam::class => ExamPolicy::class,
ClassSchool::class => ClassSchoolPolicy::class,
]; |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 4 replies
-
<?php
namespace App\Http\Controllers;
use App\Models\ClassSchool;
use App\Pipelines\FilterBySearch;
use Illuminate\Pipeline\Pipeline;
class ClassesController extends Controller
{
public function __construct(protected Pipeline $pipeline)
{
- $this->authorizeResource(ClassSchool::class);
+ $this->authorizeResource(ClassSchool::class, 'classes');
}
public function destroy(ClassSchool $classes)
{
$classes->delete();
return redirect()->back()->with('warning', __('classes.flash-warning'));
}
}Just a tip, in Laravel 10 you don't have to manually register policies. |
Beta Was this translation helpful? Give feedback.
-
|
@antimech That I agree with, but your correction in the authorizeResource doesn't work. I've tried setting lots of different parameters and it never works. |
Beta Was this translation helpful? Give feedback.
-
<?php
namespace App\Http\Controllers;
use App\Models\ClassSchool;
use App\Pipelines\FilterBySearch;
use Illuminate\Pipeline\Pipeline;
class ClassesController extends Controller
{
public function __construct(protected Pipeline $pipeline)
{
- $this->authorizeResource(ClassSchool::class);
+ $this->authorizeResource(ClassSchool::class, 'class');
}
- public function destroy(ClassSchool $classes)
+ public function destroy(ClassSchool $class)
{
- $classes->delete();
+ $class->delete();
return redirect()->back()->with('warning', __('classes.flash-warning'));
}
} |
Beta Was this translation helpful? Give feedback.
-
|
@antimech I've got the impression that it's the model biding that isn't working, but I've got all the ids in the query and the model retrieves the data when I run the query next to it. |
Beta Was this translation helpful? Give feedback.
-
|
you were right, it was the name of the function parameters that were wrong and that prevented the model biding from working and therefore the policies afterwards |
Beta Was this translation helpful? Give feedback.
-
|
Please close this discussion as resolved |
Beta Was this translation helpful? Give feedback.
<?php namespace App\Http\Controllers; use App\Models\ClassSchool; use App\Pipelines\FilterBySearch; use Illuminate\Pipeline\Pipeline; class ClassesController extends Controller { public function __construct(protected Pipeline $pipeline) { - $this->authorizeResource(ClassSchool::class); + $this->authorizeResource(ClassSchool::class, 'class'); } - public function destroy(ClassSchool $classes) + public function destroy(ClassSchool $class) { - $classes->delete(); + $class->delete(); return redirect()->back()->with('warning', __('classes.flash-warning')); } }