Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

thiagolp90's avatar

Policies not triggered in Laravel 11

Hi,

I follow the documentation to use Policies in Laravel 11. In my AppServiceProvider.php file, i manually registered the policy in boot method:

use Illuminate\Support\Facades\Gate;
use App\Models\Post\Comment;
use App\Policies\Post\CommentPolicy;

Gate::policy(Comment::class, CommentPolicy::class);

In my policy, i block an user to delete a third party comment:

public function delete(User $user, Comment $comment): Response
{
    dump("police delete");
    return $comment->user_id == $user->id
        ? Response::allow()
        : Response::deny(__('You do not own this comment.'), 401);
}

In my model, i add a deleting method to check it:

static::deleting(function (Comment $comment) {
    dump("deleting");
});

And i created a test:

test('cant delete a third party comment', function () {
    $user1 = User::factory()->create();
    $user2 = User::factory()->create();
    $post = Post::factory()->user($user1)->create();
    $comment = Comment::factory()->user($user2)->post($post)->create();
    $response = $this->actingAs($user1)->delete("/$user1->username/$post->id/comment/$comment->id");
    $response->assertStatus(401);
});

When i run the tests, deleting is called, but police delete is not called.

Test failed with error: Expected response status code [401] but received 302.

0 likes
2 replies
thiagolp90's avatar
thiagolp90
OP
2 years ago
Best Answer
Level 1

I missed to call the authorize method in my controller@destroy:

Gate::authorize('delete', $comment);

It's working

1 like
gych's avatar

@thiagolp90 Good that it works now! Please don't forget to mark your thread as solved by selecting your solution as best answer.

1 like

Please or to participate in this conversation.