0

every time I go to 'edit' a post, the server returns a 403 - forbidden error. Although I can create, timestamp, and associate posts to the user that created them, The same user cannot seem to edit them... What am I doing wrong?


Here are my Routes to the resource:

Route::resource('leadprofiles', LeadProfileController::class)
    ->only(['index', 'store', 'edit', 'update'])
    ->middleware(['auth', 'verified']);

Here is my 'edit.blade.php' file, which @includes a form I use to edit my leadprofiles: It contains a valid route and the method is correct.

edit.blade.php:

<x-app-layout>
    <div class="max-w-2xl mx-auto p-4 sm:p-6 lg:p-8">
        @include('leadprofiles.partials.edit-lead-form')
    </div>
</x-app-layout>

edit-lead-form.php

<!-- Edit lead form -->
<x-app-layout>
    <div class="max-w-2xl mx-auto p-4 sm:p-6 lg:p-8">
        <form method="POST" action="{{ route('leadprofiles.update', $LeadProfile) }}">
            @csrf
            @method('patch')
            <x-input-label class="form-label inline" for="lead-name">Lead Name
                <x-text-input name="lead-name" id="lead-name" class="block appearance-none w-full py-1 px-2 mb-1 text-base leading-normal bg-white text-gray-800 border border-gray-200 rounded" type="text" required autofocus />{{ old('lead-name, $leadProfile->{'lead-name'}) }}
            </x-input-label>
            <x-input-error :messages="$errors->get('message')" class="mt-2" />
            <div class="mt-4 space-x-2">
                <x-primary-button>{{ __('Save') }}</x-primary-button>
                <a href="{{ route('leadprofiles.index') }}">{{ __('Cancel') }}</a>
            </div>
            @if ($errors->any())
            @foreach ($errors->all() as $error)
            <div>{{$error}}</div>
            @endforeach
            @endif
        </form>
    </div>
</x-app-layout>

Here is my edit button that populates every leadprofile contained in a dropdown:

@if ($LeadProfile->user->is(auth()->user()))
<!-- Edit, update, details, or delete lead options -->
<x-dropdown>
<x-slot name="trigger">
<button>
<svg xmlns="http://www.w3.org/2000/svg" class="h-4 w-4 text-gray-400" viewBox="0 0 20 20" fill="currentColor"><path d="M6 10a2 2 0 11-4 0 2 2 0 014 0zM12 10a2 2 0 11-4 0 2 2 0 014 0zM16 12a2 2 0 100-4 2 2 0 000 4z" /></svg>
</button>
</x-slot>
<x-slot name="content">
<x-dropdown-link :href="route('leadprofiles.edit', $LeadProfile)">
{{ __('Edit') }}
</x-dropdown-link>
</x-slot>
</x-dropdown>
@endif

Here is my LeadProfilePolicy's 'store' function:

    /**
     * Determine whether the user can update the model.
     *
     * @param  \App\Models\User  $user
     * @param  \App\Models\LeadProfile  $leadProfile
     * @return \Illuminate\Auth\Access\Response|bool
     */
    public function update(User $user, LeadProfile $leadProfile)
    {
        return $leadProfile->user()->is($user);
    }

I've tried renaming variables, thinking I misspelled something. Nothing.

0 Answers0