I'm not really sure what I am doing wrong here, but I am trying to authorize the controller using Spatie permissions and keep getting 403 - THIS ACTION IS UNAUTHORIZED errors. I presume it has something to do with the variable being passed, but I'm not sure what I am meant to do. I have tried removing the if statement and simply returning true, but it still throws an error. Any help would be greatly appreciated.
UserPolicy.php
namespace App\Models\Policies;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
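class UserPolicy
{
    use HandlesAuthorization;

    /**
     * Spatie permission IDs this policy checks, always against the 'web'
     * guard. Only the numeric IDs appear in this file; their names live in
     * the permissions table, so look them up before changing any of them.
     * NOTE(review): numeric IDs depend on seed order and can differ between
     * environments — checking by permission name would be more portable.
     */
    private const PERMISSION_VIEW = 44;   // viewAny, view
    private const PERMISSION_WRITE = 43;  // create, update
    private const PERMISSION_REMOVE = 70; // delete, restore, forceDelete

    /** Guard every permission lookup is scoped to. */
    private const GUARD = 'web';

    /**
     * Determine whether the user can view the user listing.
     *
     * @param \App\Models\User $user the authenticated user
     * @return bool
     */
    public function viewAny(User $user): bool
    {
        return $this->hasAccess($user, self::PERMISSION_VIEW);
    }

    /**
     * Determine whether the user can view a single user.
     *
     * Laravel passes the User being viewed as a second argument; it is not
     * declared here, so the answer is the same for every target user.
     *
     * @param \App\Models\User $user the authenticated user
     * @return bool
     */
    public function view(User $user): bool
    {
        return $this->hasAccess($user, self::PERMISSION_VIEW);
    }

    /**
     * Determine whether the user can create users.
     *
     * @param \App\Models\User $user the authenticated user
     * @return bool
     */
    public function create(User $user): bool
    {
        return $this->hasAccess($user, self::PERMISSION_WRITE);
    }

    /**
     * Determine whether the user can update a user (target model ignored,
     * see view()).
     *
     * @param \App\Models\User $user the authenticated user
     * @return bool
     */
    public function update(User $user): bool
    {
        return $this->hasAccess($user, self::PERMISSION_WRITE);
    }

    /**
     * Determine whether the user can delete a user (target model ignored,
     * see view()).
     *
     * Declared as an instance method like its siblings: Laravel invokes policy
     * methods on a policy instance, so the former `static` only made the class
     * inconsistent.
     *
     * @param \App\Models\User $user the authenticated user
     * @return bool
     */
    public function delete(User $user): bool
    {
        return $this->hasAccess($user, self::PERMISSION_REMOVE);
    }

    /**
     * Determine whether the user can restore a soft-deleted user (target
     * model ignored, see view()).
     *
     * @param \App\Models\User $user the authenticated user
     * @return bool
     */
    public function restore(User $user): bool
    {
        return $this->hasAccess($user, self::PERMISSION_REMOVE);
    }

    /**
     * Determine whether the user can permanently delete a user (target model
     * ignored, see view()).
     *
     * @param \App\Models\User $user the authenticated user
     * @return bool
     */
    public function forceDelete(User $user): bool
    {
        return $this->hasAccess($user, self::PERMISSION_REMOVE);
    }

    /**
     * Shared rule behind every ability: super admins pass unconditionally,
     * anyone else must hold the given permission on the 'web' guard.
     *
     * @param \App\Models\User $user the authenticated user
     * @param int $permissionId one of the PERMISSION_* constants
     * @return bool
     */
    private function hasAccess(User $user, int $permissionId): bool
    {
        return $user->isSuperAdmin() || $user->hasPermissionTo($permissionId, self::GUARD);
    }
}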
UserController.php
namespace App\Http\Controllers;
use App\Models\User;
use Illuminate\Http\Request;
use Spatie\Permission\Models\Role;
use function GuzzleHttp\Promise\all;
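class UserController extends Controller
{
    /**
     * Attach Laravel's `can:` middleware to the seven resource actions
     * (index→viewAny, create/store→create, show→view, edit/update→update,
     * destroy→delete) using the `user` route parameter. Only those actions are
     * covered; getRole, updateRole and getData authorize explicitly below.
     */
    public function __construct()
    {
        $this->authorizeResource(User::class);
    }

    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Illuminate\View\View
     */
    public function index()
    {
        return view('pages.users.users.index', [
            'page_title' => 'Users',
            'page_description' => 'User Profiles',
            'users' => User::all(),
        ]);
    }

    /**
     * Show the form for creating a new resource.
     *
     * Not implemented yet; the route is still guarded by `can:create`.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        //
    }

    /**
     * Store a newly created resource in storage.
     *
     * Not implemented yet; the route is still guarded by `can:create`.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {
        //
    }

    /**
     * Display the specified resource.
     *
     * The `can:view,user` middleware registered by authorizeResource() reads
     * the `user` route parameter. Implicit route-model binding only turns that
     * parameter into a User model when the action type-hints it; with a plain
     * `$id` the Gate receives the raw id string, cannot map it to UserPolicy,
     * and answers 403 before this method runs. Binding also replaces the
     * manual findOrFail() — an unknown id still yields 404.
     *
     * @param \App\Models\User $user resolved from the `{user}` route segment
     * @return \Illuminate\View\View
     */
    public function show(User $user)
    {
        $user_roles = $user->getRoleNames()->toArray();

        return view('pages.users.users.show', compact('user', 'user_roles'));
    }

    /**
     * Show the form for editing the specified resource.
     *
     * Not implemented yet; the route is still guarded by `can:update,user`.
     *
     * @param \App\Models\User $user
     * @return \Illuminate\Http\Response
     */
    public function edit(User $user)
    {
        //
    }

    /**
     * Update the specified resource in storage.
     *
     * Not implemented yet; the route is still guarded by `can:update,user`.
     *
     * @param \Illuminate\Http\Request $request
     * @param \App\Models\User $user
     * @return \Illuminate\Http\Response
     */
    public function update(Request $request, User $user)
    {
        //
    }

    /**
     * Remove the specified resource from storage.
     *
     * Not implemented yet; the route is still guarded by `can:delete,user`.
     *
     * @param \App\Models\User $user
     * @return \Illuminate\Http\Response
     */
    public function destroy(User $user)
    {
        //
    }

    /**
     * Show the role-assignment form for one user.
     *
     * This route is registered outside the resource (see web.php), so
     * authorizeResource() does not guard it; the check is made here instead.
     *
     * @param int|string $id the `{id}` route segment
     * @return \Illuminate\Contracts\View\View
     */
    public function getRole($id)
    {
        $user = User::findOrFail($id);
        $this->authorize('view', $user);

        $roles = Role::all();
        $user_roles = $user->getRoleNames()->toArray();

        return view('pages.users.users.role', compact('user', 'roles', 'user_roles'));
    }

    /**
     * Replace the user's roles with the ones submitted in the form.
     *
     * Every field except the CSRF token and method spoof is treated as a role
     * and handed to syncRoles(), so the submitted form alone decides which
     * roles get assigned — the authorize() call is the only gate on that.
     * NOTE(review): consider refusing to hand out privileged roles (whatever
     * isSuperAdmin() keys on) to callers who do not hold them — confirm
     * against the role list.
     *
     * @param \Illuminate\Http\Request $request
     * @param int|string $id the `{id}` route segment
     * @return \Illuminate\Http\RedirectResponse
     */
    public function updateRole(Request $request, $id)
    {
        $user = User::findOrFail($id);
        $this->authorize('update', $user);

        // Form values arrive keyed by field name; syncRoles() wants a plain list.
        $roles = array_values($request->except(['_token', '_method']));
        $user->syncRoles($roles);

        return redirect('users')->with('flash_message', 'Role updated!');
    }

    /**
     * JSON feed of every user (the `data` wrapper suggests a table widget,
     * but the consumer is not visible here).
     *
     * Not a resource action, so it is authorized explicitly. toArray() emits
     * every attribute not listed in User::$hidden — NOTE(review): confirm that
     * list covers anything sensitive on the users table before exposing this.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function getData()
    {
        $this->authorize('viewAny', User::class);

        // response()->json() sets the application/json content type; the bare
        // json_encode() string was sent with the default text/html type.
        return response()->json(['data' => User::all()->toArray()]);
    }
}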
Web.php
/*******************************************
- Users
- Users, Roles, Permissions etc
*******************************************/
// All user-management routes sit behind the `azure` middleware. The resource
// registrations are what UserController::authorizeResource() guards; the two
// `role/{id}` routes are separate actions, so any authorization for them has to
// happen inside getRole()/updateRole() themselves.
Route::middleware('azure')->group(static function (): void {
    Route::resource('users/users', 'UserController');
    Route::resource('users/permissions', 'PermissionsController');
    Route::resource('users/roles', 'RolesController');

    Route::get('/users/users/role/{id}', 'UserController@getRole');
    Route::put('/users/users/role/{id}', 'UserController@updateRole');
});