Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mstdmstd's avatar

Why method in report policy is not called?

In laravel 12 app I try use Policy in report with code in the controller app/Http/Controllers/Report/DocsReportController.php:

<?php

namespace App\Http\Controllers\Report;

use App\Contracts\Services\Report\DocsReportInterface;
use App\Http\Controllers\Controller;
use App\Policies\Reports\DocsReportPolicy;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Log;

class DocsReportController extends Controller
{
    public function __construct(
        protected DocsReportInterface $service
    ) {}

    public function index(int $postId): JsonResponse
    {
        Log::info( '-1 DocsReportController index::'  );
        $this->authorize( 'view', DocsReportPolicy::class );

        // I ALSO TRIED TO UNCOMMENT LINE BELOW :
        // Gate::authorize('viewAny', DocsReportPolicy::class);

        $attendances = $this->service->getData($postId);

        return response()->json($attendances);
    }
}

and the policy file app/Policies/Reports/DocsReportPolicy.php :

namespace App\Policies\Reports;

use App\Models\User;
use Illuminate\Support\Facades\Log;

class DocsReportPolicy
{
    /**
     * Create a new policy instance.
     */
    public function __construct()
    {
    }

    /**
     * Determine if the user can view DocsReport report date.
     */
    public function view(User $user)
    {
        Log::info('-1 DocsReportPolicy view  $user->role->name::'.print_r($user->role->name, true));
        Log::info('-1 DocsReportPolicy view  $user->id::'.print_r($user->id, true));

        return $user->role->name === 'admin' || $user->role->name === 'department' || $user->role->name === 'operator';
    }

}

I also tried in app/Providers/AppServiceProvider.php to add line :

    public function boot(): void
{

    Gate::policy(DocsReportController::class, DocsReportPolicy::class);

and in controller :

     $this->authorize('view', $user);

In all cases in the app log file I see message from index method of DocsReportController and not any messages from the policy itself ... I got 403 error, but code inside of my policy class is not run...

What is wrong ?

1 like
1 reply
vincent15000's avatar
$this->authorize( 'view', DocsReportPolicy::class);

and

Gate::authorize('viewAny', DocsReportPolicy::class);

are different codes to do exactly the same thing.

In your policy, you only show the view function, so I assume that you don't have completed the viewAny one.

Furthermore you give another example of what you have tried.

$this->authorize('view', $user);

Here you are passing the user to the function, which has no sense if the aim is to check if the authenticated user can view the docs report.

What you have to know.

  • the authenticated user is automatically injected in all policy functions

  • the policies are automatically binded to the associated model if you respect the naming convention, for example CategoryPolicy for the Category model

  • $this->authorize('view', $user); means that you check if the authenticated user can view the $user

  • $this->authorize( 'view', DocsReportPolicy::class); can't work, you don't have to pass the policy class, but the model class

  • $this->authorize( 'view', DocsReport::class); will work and means that you check if the authenticated user can view any docs report, but it would be better to use viewAny for this

  • $this->authorize( 'viewAny', DocsReport::class); is better to check if the authenticated can view any docs report

  • $this->authorize( 'view', $docsReport); is better to check if the authenticated user can view a specific docs report

In the policy class, you have (among others) these functions.

public function viewAny(User $user) // the injected authenticated user
{
		...
}

public function view(User $user, DocsReport $docsReport) // the injected authenticated user and an instance of a docs report model
{
		...
}

Finally you have to register manually your policy because it's in a subfolder of the Policies folder.

But this is wrong.

Gate::policy(DocsReportController::class, DocsReportPolicy::class);

You have to register the policy with the model and not with the controller.

Gate::policy(DocsReport::class, DocsReportPolicy::class);

Please or to participate in this conversation.