This action is unauthorized. for all user except user have id of 2

DISREGARD, your original Gate policy actually seems fine...

It's likely this causing your issue:

        $this->registerPolicies();
        Gate::before(function ($user){
            return $user->id == 2;
        });

Traditionally it would look more like:

Gate::define('project', function ($user, $project) {
        return $user->id == $project->user_id;
    });

And for the super user:

Gate::before(function ($user, $ability) {
    if ($user->id == 2) {
        return true;
    }
});

Hi It seems like your problem is in the AuthServiceProvider

Before every gate check, you are checking if the user has the id of 2. If not, you are returning false, so the check fails. When a check returns false, the permission is not given and no further checks will be made.

A solution would be to only return true if the id matches:

...
    public function boot()
    {
        $this->registerPolicies();
        Gate::before(function ($user){
            if (user->id == 2) {
                return true;
            }
        });
    }
...

You can find more info in the documentation: https://laravel.com/docs/5.8/authorization#gates

What does your App\Policies\ProjectPolicy' look like?

Hi! thank you so much but I already try this solution and it shows the same error.

but one thing please clear that where I put this line of code

Gate::define('project', function ($user, $project) {
        return $user->id == $project->user_id;
    });

and what does this variable do

$ability

Here it is my dear

<?php

namespace App\Policies;

use App\User;
use App\Project;
use Illuminate\Auth\Access\HandlesAuthorization;

class ProjectPolicy
{
    use HandlesAuthorization;
    /**
     * Determine whether the user can view the project.
     *
     * @param  \App\User  $user
     * @param  \App\Project  $project
     * @return mixed
     */
    public function update(User $user, Project $project)
    {
        return $project->owner_id == $user->id;
    }
}

and for once I try this

return $project->owner_id == $user->id;

inside all these function

viewAny
create
delete
restore
forceDelete

thank you so much

Try removing this trait:

use HandlesAuthorization;

You don't need to define the 'project` gate method, since you are handling it with a policy, which makes more sense in a CRUD situation with a defined model.

$ability is just a stand in for the action i.e. Gate::define('update-post', 'App\Policies\PostPolicy@update');

no! noting gets change

Please share how you are using the ProjectPolicy.

sorry I am totally new to laravel that's why I am not able to work more effectively

<?php

namespace App\Policies;

use App\User;
use App\Project;
use Illuminate\Auth\Access\HandlesAuthorization;

class ProjectPolicy
{
    use HandlesAuthorization;


    /**
     * Determine whether the user can view the project.
     *
     * @param  \App\User  $user
     * @param  \App\Project  $project
     * @return mixed
     */
    public function update(User $user, Project $project)
    {
        return $project->owner_id == $user->id;
    }


}

thank you so much I appreciate you help

I post all the code on GitHub now you can easily check https://github.com/hassanshahzadaheer/Laravel-5.7-From-Scratch.git

Okay, so let's try this:

// first just return true on the policy to see if the issue is the comparison of the user id and the project owner id.

    /**
     * Determine whether the user can view the project.
     *
     * @param  \App\User  $user
     * @param  \App\Project  $project
     * @return mixed
     */
    public function update(User $user, Project $project)
    {
        return true; // $project->owner_id == $user->id;
    }

If the $user is able to view the project after doing this, then check in your local DB to make sure that the auth user's ID and the project ID you are trying to access are ==.

Hi! dear mstrauss

nothing gets the change I don't know where the issue occurs.

let me show the tables also

the projects table

https://prnt.sc/og3mbz

and the user's table

https://prnt.sc/og3ms8

thank you so much

hi! still waiting ........

????

Sorry, I can't figure this one out!

@hassanshahzadaheer has you tried the solution provided by @schmedii ??

Yes, I tried his solution. and also I clone the other person repository in my computer to test it out that also shows the same. here is the link https://github.com/xingxingso/Laravel-5.7-From-Scratch

If you have any solution please let me know I am very thankful to you.

my complete code is online at https://github.com/hassanshahzadaheer/Laravel-5.7-From-Scratch

In your auth service provider remove below one there having the user->id two,

   $this->registerPolicies();
    Gate::before(function ($user){
        return $user->id == 2;
    });

like this ?

  public function boot(Gate $gate)
    {
        $this->registerPolicies();

        $gate->before(function ($user) {
            return $user->id;
        });
    }

@ Like this:

public function boot() {
    $this->registerPolicies();
}

Just remove the Gate::before from boot() method, inside the AuthServiceProvider class. This condition is telling to application that only user with ID 2 can do the action.

nothing gets to change my bro, Don't know why it's happen

is there any other way to solve this error?

Something like below,

    public function boot(Gate $gate)
    {
    $this->registerPolicies();

    $gate->before(function ($user) {
        return $user->id = Auth::user()->id;
    });
    }

thank you so much It works.

This did the trick for me

public function boot(Gate $gate) { $this->registerPolicies();

    $gate->before(function ($user) { 
        if( $user->id == 1 ){   //check if the user is admin
            return true;
       }
    });
}

@schmedii great answer! small typo. In "if" statement, use: $user now my app is working perfectly :)