0

I have a Publication model and a PublicationPolicy policy. In my controller, I'm using the following:

$this->authorize('update', $pub);

On the policy I have the following:

public function update(User $user, Publication $publication)
{
    dd($user);
}

Instead of dying with the user output, I get an error message saying "This action is unauthorized."

I have registered the policy in AuthServiceProvider like so:

protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    Publication::class => PublicationPolicy::class,
];

Another point to mention is that the policy's before function seems to work just fine. It's the individual calls to abilities that is not working.

Help?

Tal V.
  • 671
  • 1
  • 6
  • 15

1 Answers1

0

Okay, after bashing my head against the wall several times, it all became clear:

I was always returning a value from the filter ("before") method. Turns out you need to return a value only if you want to allow (true) or to deny (false). If you want the policy check to fall through to the specific ability, you need to NOT return a value (or return NULL).

D'oh!

Tal V.
  • 671
  • 1
  • 6
  • 15
  • This seems like my case. Maybe you can help me. Look at this : http://stackoverflow.com/questions/42598826/how-can-i-do-authorization-policies-in-laravel-5-3 – moses toh Mar 04 '17 at 19:12