Using entrust to restrict access by role, throwing a HttpException

Posted 2 years ago by Axeia

Hello,

I'm using the [Zizaco/Entrust](https://github.com/Zizaco/entrust) package with Laravel and it's "almost" working as expected. In my views I can do things like this fine:

    @if(Auth::check())
        <span class="navbar-right">
            Welcome
            {{-- shown only to users with the admin role --}}
            @role('admin')
                <span class='glyphicon glyphicon-education'></span>
            @endrole
            {{ Auth::user()->username }}
            <a href='/logout' id='login'><span class='glyphicon glyphicon-log-out '></span></a>
        </span>
    @else
        <a href='/login' id='login' class='navbar-right'><span class='glyphicon glyphicon-log-in '></span></a>
    @endif

and it works as expected. I only get to see the glyph-span if I'm logged in and if the account I'm using has the admin role. However, having done the following in the constructor of my controller

        $this->middleware('auth');
        $this->middleware('role:admin');

leads to a very long error dump like the one below if the user doesn't have an admin role. If the user does have the admin role, the page is rendered as expected.



    HttpException in Application.php line 905:

    1. in Application.php line 905
    2. at Application->abort('403', '', array()) in helpers.php line 30
    3. at abort('403') in EntrustRole.php line 39
    4. at EntrustRole->handle(object(Request), object(Closure), 'admin')
    5. at call_user_func_array(array(object(EntrustRole), 'handle'), array(object(Request), object(Closure), 'admin')) in Pipeline.php line 124
    6. at Pipeline->Illuminate\Pipeline{closure}(object(Request))
    7. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
    8. at Pipeline->Illuminate\Routing{closure}(object(Request)) in Authenticate.php line 28
    9. at Authenticate->handle(object(Request), object(Closure))
    10. at call_user_func_array(array(object(Authenticate), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
    11. at Pipeline->Illuminate\Pipeline{closure}(object(Request))
    12. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
    13. at Pipeline->Illuminate\Routing{closure}(object(Request))
    14. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
    15. at Pipeline->then(object(Closure)) in ControllerDispatcher.php line 96
    16. at ControllerDispatcher->callWithinStack(object(PlushiesController), object(Route), object(Request), 'index') in ControllerDispatcher.php line 54
    17. at ControllerDispatcher->dispatch(object(Route), object(Request), 'App\Http\Controllers\PlushiesController', 'index') in Route.php line 174
    18. at Route->runController(object(Request)) in Route.php line 140
    19. at Route->run(object(Request)) in Router.php line 724
    20. at Router->Illuminate\Routing{closure}(object(Request))
    21. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
    22. at Pipeline->Illuminate\Routing{closure}(object(Request)) in VerifyCsrfToken.php line 64
    23. at VerifyCsrfToken->handle(object(Request), object(Closure))
    24. at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
    25. at Pipeline->Illuminate\Pipeline{closure}(object(Request))
    26. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
    27. at Pipeline->Illuminate\Routing{closure}(object(Request)) in ShareErrorsFromSession.php line 49
    28. at ShareErrorsFromSession->handle(object(Request), object(Closure))
    29. at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
    30. at Pipeline->Illuminate\Pipeline{closure}(object(Request))
    31. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
    32. at Pipeline->Illuminate\Routing{closure}(object(Request)) in StartSession.php line 62
    33. at StartSession->handle(object(Request), object(Closure))
    34. at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
    35. at Pipeline->Illuminate\Pipeline{closure}(object(Request))
    36. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
    37. at Pipeline->Illuminate\Routing{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 37
    38. at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
    39. at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
    40. at Pipeline->Illuminate\Pipeline{closure}(object(Request))
    41. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
    42. at Pipeline->Illuminate\Routing{closure}(object(Request)) in EncryptCookies.php line 59
    43. at EncryptCookies->handle(object(Request), object(Closure))
    44. at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
    45. at Pipeline->Illuminate\Pipeline{closure}(object(Request))
    46. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
    47. at Pipeline->Illuminate\Routing{closure}(object(Request))
    48. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
    49. at Pipeline->then(object(Closure)) in Router.php line 726
    50. at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 699
    51. at Router->dispatchToRoute(object(Request)) in Router.php line 675
    52. at Router->dispatch(object(Request)) in Kernel.php line 246
    53. at Kernel->Illuminate\Foundation\Http{closure}(object(Request))
    54. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
    55. at Pipeline->Illuminate\Routing{closure}(object(Request)) in CheckForMaintenanceMode.php line 44
    56. at CheckForMaintenanceMode->handle(object(Request), object(Closure))
    57. at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
    58. at Pipeline->Illuminate\Pipeline{closure}(object(Request))
    59. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
    60. at Pipeline->Illuminate\Routing{closure}(object(Request))
    61. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
    62. at Pipeline->then(object(Closure)) in Kernel.php line 132
    63. at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 99
    64. at Kernel->handle(object(Request)) in index.php line 53

So the error seems to be in the handle method of the EntrustRole class rather than my own code? The handle method is as follows:

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  Closure $next
     * @param  $roles
     * @return mixed
     */
    public function handle($request, Closure $next, $roles)
    {
        if ($this->auth->guest() || !$request->user()->hasRole(explode('|', $roles))) {
            abort(403);
        }

        return $next($request);
    }

Trying to make sure that I'm looking for the problem in the right place, and whether this is possibly a fault in the package that should be reported rather than me making a mistake. (I'm still very new to Laravel.)


[edit] Manually just calling abort('403'); seems to cause the same error. I assume this should just give a clean page with an HTTP code 403 without the extensive log. I think I may have something misconfigured.


[edit2] Problem solved. Apparently it was simply missing a view for the error 404. After having added a resources/views/errors/403.blade.php page, it will just call that page. My Laravel only came with a 503.blade.php error page by default.
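The request path discussed in the post, as an added example that is not part of the original post and is not Entrust or Laravel code: a framework-free PHP model of the role check quoted above and of an error renderer that serves a per-status page when one exists. The names `HttpError`, `requireRole`, `renderError` and `dispatch`, the sample users and the temporary view directory are all constructed for illustration.

```php
<?php
class HttpError extends Exception {}   // hypothetical stand-in for an HTTP exception

// Same decision as the handle() method quoted in the post: deny guests and
// users who hold none of the pipe-separated roles. This server-side check is
// what protects the route; a view-level @role only hides markup.
function requireRole(?array $user, string $roles, callable $next)
{
    $wanted = explode('|', $roles);
    if ($user === null || !array_intersect($wanted, $user['roles'])) {
        throw new HttpError('Forbidden', 403);
    }
    return $next($user);
}

// Serve errors/<status>.php from $viewDir when it exists, otherwise a bare
// status line. Neither branch puts the exception trace into the response body.
function renderError(HttpError $e, string $viewDir): array
{
    $status = $e->getCode();
    $view = "$viewDir/errors/$status.php";
    return [$status, is_file($view) ? file_get_contents($view) : "HTTP $status"];
}

function dispatch(?array $user, string $roles, string $viewDir): array
{
    try {
        return [200, requireRole($user, $roles, function ($u) {
            return "plushies index for {$u['username']}";
        })];
    } catch (HttpError $e) {
        return renderError($e, $viewDir);
    }
}

// Constructed sample data: one error view and three callers.
$viewDir = sys_get_temp_dir() . '/views_' . getmypid();
if (!is_dir("$viewDir/errors")) { mkdir("$viewDir/errors", 0700, true); }
file_put_contents("$viewDir/errors/403.php", "<h1>403 Forbidden</h1>");

$admin  = ['username' => 'alice', 'roles' => ['admin']];
$member = ['username' => 'bob',   'roles' => ['member']];

foreach ([['admin', $admin], ['member', $member], ['guest', null]] as [$label, $user]) {
    [$status, $body] = dispatch($user, 'admin|owner', $viewDir);
    echo "$label: $status $body\n";
}
```

Run it with the PHP CLI (7.1 or later); deleting the constructed `403.php` file before the loop shows the fallback branch.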
