
I'm following the Laracasts 5.7 series and I was working on the authorization part using policies. It was working fine when I first added it. But the next day when I opened the app again (without TOUCHING any of the code) I kept being thrown to a 403 error. This has happened two times already. At first I just thought I messed up the code, so I redid the whole policy authorization again. But the second time, I made sure everything was working fine before I saved my code. And then the same thing happened. Here's my code so far:

ProjectPolicy.php:

public function touch(User $user, Project $project)
{
    return $project->owner_id == $user->id;
}

AuthServiceProvider.php:

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        // 'App\Model' => 'App\Policies\ModelPolicy',
        'App/Project' => 'App\Policies\ProjectPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        //
    }
}

web.php:

Route::resource('projects', 'ProjectsController')->middleware('can:touch,project');

ProjectsController.php:

use App\Project;
use Illuminate\Http\Request;

class ProjectsController extends Controller
{

    public function __construct() {
      $this->middleware('auth');
    }
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $projects = Project::where('owner_id', auth()->id())->get();
        return view('projects.index', ['projects' => $projects]);
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        return view('projects.create');
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {
        $validated = request()->validate([
          'title' => 'required',
          'description' => ['required','min:5']
        ]);
        $validated['owner_id'] = auth()->id();
        Project::create($validated);
        return redirect('/projects');
    }

    /**
     * Display the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function show(Project $project)
    {

        // $this->authorize('update', $project);
        // abort_if($project->owner_id !== auth()->id(), 403);
        // $this->authorize('touch', $project); // from ProjectPolicy
        // abort_if( \Gate::denies('touch', $project), 403);

        return view('projects.show', ['project' => $project]);
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function edit(Project $project)
    {
        return view('projects.edit', ['project' => $project]);
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function update(Project $project)
    {
        $project->update(request(['title','description']));
        return redirect()->action(
          'ProjectsController@show', ['id' => $project->id]
        );
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function destroy(Project $project)
    {
        $project->delete();
        return redirect('/projects');
    }
}

To be clear: It was working the night before, and the next day when I opened the app it kept throwing me to a 403 error even when I didn't edit the code at all. I don't know what's happening at all.

kyljmn
  • Can you do a Log::debug($user) and Log::debug($project) inside the touch method of your policy, uncomment the authorization in the controller, and see if it is even logging? – Brad Goldsmith Jul 11 '19 at 14:14
  • Have you tried clearing all the cache? php artisan cache:clear & php artisan config:clear & php artisan view:clear? May not be the resolution, but I've lost count of how many times this has resolved little bugs I've had. – Petay87 Jul 11 '19 at 15:18
  • @BradGoldsmith Where can I get the results of the Log::debug($user)? Also, I've gotten rid of the middleware in the web.php file and just used the authorization in the controller. It works fine. Just really curious why it stopped working though. – kyljmn Jul 11 '19 at 16:02
  • @Petay87 Tried it. Didn't work for me :( – kyljmn Jul 11 '19 at 16:04

0 Answers