every time I go to 'edit' a post, the server returns a 403 - forbidden error. Although I can create, timestamp, and associate posts to the user that created them, The same user cannot seem to edit them... What am I doing wrong?
Here are my Routes to the resource:
Route::resource('leadprofiles', LeadProfileController::class)
->only(['index', 'store', 'edit', 'update'])
->middleware(['auth', 'verified']);
Here is my 'edit.blade.php' file, which @includes a form I use to edit my leadprofiles: It contains a valid route and the method is correct.
edit.blade.php:
<x-app-layout>
<div class="max-w-2xl mx-auto p-4 sm:p-6 lg:p-8">
@include('leadprofiles.partials.edit-lead-form')
</div>
</x-app-layout>
edit-lead-form.php
<!-- Edit lead form -->
<x-app-layout>
<div class="max-w-2xl mx-auto p-4 sm:p-6 lg:p-8">
<form method="POST" action="{{ route('leadprofiles.update', $LeadProfile) }}">
@csrf
@method('patch')
<x-input-label class="form-label inline" for="lead-name">Lead Name
<x-text-input name="lead-name" id="lead-name" class="block appearance-none w-full py-1 px-2 mb-1 text-base leading-normal bg-white text-gray-800 border border-gray-200 rounded" type="text" required autofocus />{{ old('lead-name, $leadProfile->{'lead-name'}) }}
</x-input-label>
<x-input-error :messages="$errors->get('message')" class="mt-2" />
<div class="mt-4 space-x-2">
<x-primary-button>{{ __('Save') }}</x-primary-button>
<a href="{{ route('leadprofiles.index') }}">{{ __('Cancel') }}</a>
</div>
@if ($errors->any())
@foreach ($errors->all() as $error)
<div>{{$error}}</div>
@endforeach
@endif
</form>
</div>
</x-app-layout>
Here is my edit button that populates every leadprofile contained in a dropdown:
@if ($LeadProfile->user->is(auth()->user()))
<!-- Edit, update, details, or delete lead options -->
<x-dropdown>
<x-slot name="trigger">
<button>
<svg xmlns="http://www.w3.org/2000/svg" class="h-4 w-4 text-gray-400" viewBox="0 0 20 20" fill="currentColor"><path d="M6 10a2 2 0 11-4 0 2 2 0 014 0zM12 10a2 2 0 11-4 0 2 2 0 014 0zM16 12a2 2 0 100-4 2 2 0 000 4z" /></svg>
</button>
</x-slot>
<x-slot name="content">
<x-dropdown-link :href="route('leadprofiles.edit', $LeadProfile)">
{{ __('Edit') }}
</x-dropdown-link>
</x-slot>
</x-dropdown>
@endif
Here is my LeadProfilePolicy's 'store' function:
/**
* Determine whether the user can update the model.
*
* @param \App\Models\User $user
* @param \App\Models\LeadProfile $leadProfile
* @return \Illuminate\Auth\Access\Response|bool
*/
public function update(User $user, LeadProfile $leadProfile)
{
return $leadProfile->user()->is($user);
}
I've tried renaming variables, thinking I misspelled something. Nothing.
