Sunday, 24 July 2016

HttpException in Handler.php line 107: This action is unauthorized

I'm learning Laravel 5. I have finished the document's Quickstart - Intermediate. I want to apply the authorize check for Task's actions to the User's. I want to check whether the target user is the currently logged-in user in order to use the user's edit action. However, the browser keeps telling me this when I try to access http://ift.tt/2a4FK9F:

HttpException in Handler.php line 107:
This action is unauthorized.

I put a check on whether the target user and the current user are the same (via id) right before calling $this->authorize('edit', $user); and it passes the condition. But $this->authorize('edit', $user); still denies. How can I fix this?

Routes.php

Route::get('/users/{user}', 'UsersController@view');
Route::get('/users/{user}/edit', 'UsersController@edit');
Route::patch('/users/{user}', 'UsersController@update');

AuthServiceProvider.php

protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    'App\Task' => 'App\Policies\TaskPolicy',
    'App\Users' => 'App\Policies\UsersPolicy',
];

UsersPolicy.php

namespace App\Policies;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Auth\Access\HandlesAuthorization;

class UsersPolicy
{
    use HandlesAuthorization;

    public function edit(Request  $request, User $user)
    {
        return $request->user()->id === $user->id;
    }

    public function update(Request  $request, User $user)
    {
        return $request->user()->id === $user->id;
    }
}

UsersController.php

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

class UsersController extends Controller
{

    protected $user;

    public function __construct() {
        $this->middleware('auth');
    }

    public function view(Request $request, User $user)
    {    
        if($request->user()->id == $user->id){
            return view('users.view', ['user' => $user]);
        }
        return redirect('/tasks');
    }

    public function edit(Request $request, User $user)
    {
        //My check
        if($request->user()->id === $user->id){
            $this->authorize('edit', $user);
            return view('users.edit', compact('user'));
        }else{
            return redirect('/users/'.$user->id);
        }
    }

    public function update(Request $request, User $user)
    {
        $this->authorize('update', $user);        
        $user->update($request->all());    
        return redirect('/users/'.$user->id);
    }
}



from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/2aa4Loj
via IFTTT
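
An added example, not part of the original question and not Laravel's own code: a simplified stand-in for a gate that finds the policy by the exact class name of the model passed to authorize() and calls the policy method with the authenticated user first. MiniGate, check() and the sample users are hypothetical names; User and UsersPolicy are un-namespaced stand-ins for the question's App\User and App\Policies\UsersPolicy, and the 'Users' key mirrors the 'App\Users' entry in the question's $policies array.

```php
<?php
// Simplified model of a policy lookup (assumption: not framework source).
class User
{
    public $id;
    public function __construct($id) { $this->id = $id; }
}

class UsersPolicy
{
    // First argument is the authenticated user, second the target model.
    public function edit(User $authUser, User $target)
    {
        return $authUser->id === $target->id;
    }
}

class MiniGate
{
    private $policies;
    private $authUser;

    public function __construct(array $policies, User $authUser)
    {
        $this->policies = $policies;
        $this->authUser = $authUser;
    }

    public function check($ability, $model)
    {
        $class = get_class($model);
        // No policy registered under this exact class name: deny by default.
        if (!isset($this->policies[$class])) {
            return false;
        }
        $policyClass = $this->policies[$class];
        $policy = new $policyClass();
        // Unknown ability on the policy: deny as well.
        if (!method_exists($policy, $ability)) {
            return false;
        }
        return (bool) $policy->$ability($this->authUser, $model);
    }
}

$alice = new User(1);                    // constructed sample users
$bob   = new User(2);
$typoMap  = ['Users' => 'UsersPolicy'];  // key differs from get_class($model)
$fixedMap = ['User'  => 'UsersPolicy'];  // key equals get_class($model)

var_dump((new MiniGate($typoMap, $alice))->check('edit', $alice));
var_dump((new MiniGate($fixedMap, $alice))->check('edit', $alice));
var_dump((new MiniGate($fixedMap, $alice))->check('edit', $bob));
```

With the mismatched key the owner is denied because no policy is found for the model's class, which is a fail-closed default; with the matching key the owner is allowed and a different user is denied.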
