jeudi 24 octobre 2019

Actions always returning unauthorised

I'm creating a simple e-commerce site as a personal project.

I have a 'products' table that creates a relationship between each product listed by a user.

$table->foreign('owner_id')->references('id')->on('users')->onDelete('cascade');

The relationship works as expected, each product is assigned an owner_id that is equal to the user's ID who listed the product. I've checked the database in PHPMyAdmin and it's pointing to the correct user every time.

I created a policy with php artisan and pointed my model to it in order to use automatic route model binding

php artisan make:policy productsPolicy --model=products

 public function canView(User $user, products $product)
     {
         return $product->owner_id == $user->id;
     }

My AuthServiceProvider points to the policy in question

   protected $policies = [
        'App\Model' => 'App\Policies\productsPolicy',
    ];

I then reference the policy in my controller to only allow the creator to delete their listing

    public function destroy(products $product)
    {
        $this->authorize('canView', $product);
        $product->delete();
        return redirect('/');
    }

No matter if I'm logged in as the user who created the project or not, I'm always thrown 'AccessDeniedHttpException'



from Newest questions tagged laravel-5 - Stack Overflow https://ift.tt/2BHzSTX
via IFTTT

Aucun commentaire:

Enregistrer un commentaire