I make some gate like this:
Gate::define('update-post', function ($user, Post $post) {
return $user->hasAccess(['update-post']) or $user->id == $post->user_id;
});
I checked my database and it has update-post access and the user id is same as in the post. but I got:
This action is unauthorized.
errors. so am I do some mistake here? thanks.
I had a similar problem some time ago when starting to use Form Request classes for data validation. I noticed the following:
If you are using Form Requests to validate data, then first of all, check that you set properly the authorization rule that will allow it to pass. This is handled by the authorize() method that must return a boolean, that by default is set to false:
namespace App\Http\Requests\Users;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Auth;
class UpdateUserRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
/**
* By default it returns false, change it to
* something like this if u are checking authentication
*/
return Auth::check(); // <-------
/**
* You could also use something more granular, like
* a policy rule or an admin validation like this:
* return auth()->user()->isAdmin();
*
* Or just return true if you handle the authorisation
* anywhere else:
* return true;
*/
}
public function rules()
{
// your validations...
}
}
Make sure you return true on "authorize" method
public function authorize()
{
return true;
}
For Laravel 8(also applicable to Laravel 9) go to folder app->http->requests choose the class file(in my case it was StoreStudentRequest.php) and in function authorize set return value to true;
public function authorize()
{
return true;
}
This problem occurred to me when I did not return true in php artisan make:request SellRequest
in functionpublic function authorize()
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class SellRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'city'=>'required',
'address'=>'required',
'type'=>'required',
'land'=>'required',
'area'=>'required'
];
}
}
<?php
namespace App\Modules\UserManagement\Request;
use Illuminate\Foundation\Http\FormRequest;
use Response;
class UserRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
public function rules()
{
$rules = [
'full_name' => 'required',
'email' => 'required|email',
'password' => 'required',
're_enter_password' => 'required'
];
return $rules;
}
}
Need to authorize function return true
public function authorize()
{
return TRUE;
}
and then add auth facade or use Auth;
In my case, I was not doing the right check in Gate::define(...)
So maybe double check your logic in that function
If you have already configured your authorize() and you still have the same problem, you may check your route/api.php You may have a error declaring the same path for 2 Controller.
Route::resource('users', UserController::class)/*authorized true*/;
Route::resource('users', User2Controller::class)/*unauthorized true*/;
add this line in your controller
**use Illuminate\Http\Request;**
instead of
use App\Http\Requests\StoreGameRequest;
and change the parameter in function as
public function store(**Request $request**)
{
$request->validate([
