Laravel policy on User model

I suspect the fact that the route wildcard is $user and the second argument is $routeUser is an issue. Can you rename the first argument $authUser and the second to match the route wildcard, i.e. $user?

I just tried that and get the same error :/ Also have it typehinted on controller action, with same name

The following code works with me:

User.php

public function me($user)
{
    return $this->id === $user->id;
}

UserPolicy.php

public function show(User $user, User $routeUser)
{
    return $user->me($routeUser);
}

So the second parameter name is not the issue; can you show how you are invoking the policy in your controller?

I have it wired up via middleware in the route declaration:

Route::post('users/{user}/something', 'SomethingController@something')
    ->middleware('can:show,' . User::class);`

and of course defined in AuthServiceProvider:

protected $policies = [
    // ...
    User::class => UserPolicy::class,
];

@tykus Let's say you want to authorize show method in the UserController:

UserController.php

public function show(User $user)
{
    $this->authorize($user);

    // Your code here
}

Although I tend to authorize all methods by using $this->authorizeResource(User::class).

Route::post('users/{user}/something', 'SomethingController@something')
    ->middleware('can:update,user');

You need to give the user that was implicitly bound to the route

@tykus you nailed it, thanks =)

@minjon I don't think there is any need for me() method, just do return $user->is($routeUser); on the policy

this worked for me policy:

	public function view(User $user, User $routeUser): bool
		{
    return $user->role_id == UserRole::ADMIN->value
        ||
        ($routeUser->role_id == UserRole::USER->value
            && $routeUser->agent_id === $user->agent_id)
    ;
}

controller method:

	 public function show(User $user)
		{
        Gate::authorize('view', $user);
      return view('pages.agent.user.show', compact('user'));
     }