Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

eggplantSword's avatar

Livewire Authorization not working as expected

I'm not familiar with Livewire I've only used it on one project, and it's been a while.

I'm not sure where I went wrong. I'm trying to add a user role that has permission to only the users crud but when I try to see the users page I'm hit with a 403 | User does not have the right roles.. I do have the correct roles/permissions/model_has_roles data in my db as well.

use Illuminate\Foundation\Auth\Access\AuthorizesRequests;

class UserList extends Component
{
    use AuthorizesRequests;

    public function render()
    {
        dd($this->authorize('users.show'));
        return view('livewire.users.user-list');
    }
}

A weird thing is that on the Dashboard component it returns true but on the Users component I get the error. The components both have the same structure for the code above so I'm not sure why I get different responses.

What did I miss?

1 like
9 replies
vincent15000's avatar

The authorization are independant from Livewire.

Are you using a specific package to manage the permissions ?

$this->authorize() let me think about the standard usage of the policies.

$this->authorize('viewAny', User::class);

or

Gate::authorize('viewAny', User::class);
eggplantSword's avatar

@vincent15000 looking at the docs, I added $this->authorize('users.show', request()->user()) and also tried like you said but it didn't make a difference. The code isn't originally mine but I think it's the spatie permissions package

1 like
Merklin's avatar

I'm trying to add a user role that has permission to only the users crud but when I try to see the users page I'm hit with a 403

Maybe there are some actions on the user page, that require permission different from show and that's causing the error?

1 like
vincent15000's avatar

@msslgomez Calling $this->authorize('users.show') will check the corresponding policy.

But in your case, you want to chech if the authenticated user is authorized to view (show) what ?

$this->authorize('users.show', WHAT)

$this->authorize('show', $category)

$this->authorize('show', $user) // here $user is not the authenticated user, but the user to be displayed

But in standard policies, the function isn't show but view (for one model) or viewAny (for all models).

Do you have any policy defined in your project ?

1 like
eggplantSword's avatar

@vincent15000 I don't believe so I don't see any in the AppServiceProvider, the roles and permissions are quite simple as this website only has 3 pages, the dashboard, users crud and app crud.

This is how I was trying to use it

    public function render()
    {
        $this->authorize('users.show', request()->user());
        return view('livewire.users.user-list');
    }
1 like
vincent15000's avatar

@msslgomez The policies can be automatically detected without need to declare them in the app service provider.

Have you checked if there are policies in the app/Policies folder ?

eggplantSword's avatar

@vincent15000 I just checked, and I don't. Also I noticed even when I tried to remove the authorize line of code it still didn't let me in.

Edit: I found the problem facepalm I had checked the routes before looking for ->can('perm') but hadn't noticed that they had a route group with a middleware on it for a specific user role.

Thanks for the help!

1 like

Please or to participate in this conversation.