Jul 27, 2016

Level 9

Policies and production server

Hey all i have a question i am working a small project for learning and come across someting with the policies. My project works on local but as soon as i push it to my production server the policies fail. They always return false has anyone any ideas of why this might be.

EventFellows

9 years ago

Level 16

Can you post a specific example with relevant code?

1 like

bazz3l

9 years ago

Level 9

@EventFellows This all works on local but once pushed to production server the policies always return false. I but everything looks fine to me.

<?php

namespace App\Http\Controllers\Forum;

use App\Topic;
use App\Section;
use App\Http\Requests;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Http\Requests\Forum\CreateTopicRequest;
use App\Http\Requests\Forum\UpdateTopicRequest;

class TopicController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth', ['except' => ['getIndex']]);
    }

    /**
     * Show the forum conversation page.
     *
     * @return \Illuminate\Http\Response
     */
    public function getIndex(Topic $topic)
    {
        $replies = $topic->replies()->orderBy('created_at', 'asc')->paginate(25);

        return view('forum.topic')->with(compact('topic', 'replies'));
    }

    /**
     * Show the forum create conversation page.
     *
     * @return \Illuminate\Http\Response
     */
    public function getCreate()
    {
        $sections = Section::all();

        return view('forum.create')->with(compact('sections'));
    }

    /**
     * Create new conversation.
     *
     * @return \Illuminate\Http\Response
     */
    public function postCreate(CreateTopicRequest $request)
    {
        $topic = new Topic;
        $topic->title       = $request->get('title');
        $topic->slug        = str_slug($request->get('title'));
        $topic->body        = $request->get('body');
        $topic->section_id  = $request->get('section');

        $request->user()->topics()->save($topic);

        flash()->success('Your conversation was created.');

        return redirect()->route('forum.topic', $topic);
    }

    /**
     * Show the forum edit conversation page.
     *
     * @return \Illuminate\Http\Response
     */
    public function getEdit(Request $request, Topic $topic)
    {
        $this->authorize('update', $topic);

        $sections = Section::all();

        return view('forum.edit')->with(compact('topic', 'sections'));
    }

    /**
     * Update users conversation.
     *
     * @return \Illuminate\Http\Response
     */
    public function postEdit(UpdateTopicRequest $request, Topic $topic)
    {
        $this->authorize('update', $topic);

        $topic->title       = $request->get('title');
        $topic->slug        = str_slug($request->get('title'));
        $topic->body        = $request->get('body');
        $topic->section_id  = $request->get('section');
        $topic->save();

        flash()->success('Your conversation was updated.');

        return redirect()->route('forum.topic', $topic);
    }

    /**
     * Delete users conversation
     *
     * @return \Illuminate\Http\Response
     */
    public function getDelete(Request $request, Topic $topic)
    {
        $this->authorize('update', $topic);

        $topic->forceDelete();

        flash()->success('Your conversation was deleted.');

        return redirect()->route('forum.index');
    }
}

<?php

namespace App\Policies\Forum;

use App\User;
use App\Topic;
use Illuminate\Auth\Access\HandlesAuthorization;

class TopicPolicy
{
    use HandlesAuthorization;

    /**
     * User can update topic
     */
    public function update(User $user, Topic $topic)
    {
        return $topic->user_id === $user->id;
    }

    /**
     * User can delete topic
     */
    public function delete(User $user, Topic $topic)
    {
        return $topic->user_id === $user->id;
    }
}

1 like

jekinney

9 years ago

Level 47

What do you mean by policies? The auth middleware?

1 like

bazz3l

9 years ago

Level 9

@jekinney as you can see above the authorize uses the polices mark below to check if a given users can update a topic etc. These all work fine untill production i do not understand why things would change to stop these working.

$this->authorize('update', $topic);

2 likes

jekinney

9 years ago

Level 47

@bazz3l Missed that, thank you.

1 like

hktnag

8 years ago

Level 1

Hi @bazz3l, sorry for digging up this old post. I encounter the exact same problem. Did you find the solution?

The policies work well in the local environment, but when I use the app in the production environment the policies always return false.

More information:

I am using Laravel 5.3 upgraded from 5.2.
Production server is on shared host

1 like

hktnag

8 years ago

Level 1

Update:

Changing === in the policy

return $topic->user_id === $user->id;

to ==

return $topic->user_id == $user->id;

works now with the production server.

I suspect is something about the PHP version used.

1 like

imranlahoori

5 months ago

Level 1

Thank you for the guidance.

Switching from === to == in the policy resolved the issue on production server. It appears to have been related to the PHP version.

I appreciate your assistance.

1 like

JussiMannisto

5 months ago

Level 50

That has nothing to do with PHP versions.

Double-equals sign (==) is a loose comparison operator, which does type coercion when comparing values. That means "1", 1 and true are all considered equal when using it.

The triple-equals sign (===) is a strict comparison operator, which requires both the value and the type to match.

If == returns true but === returns false, you have a data type issue.

Please or to participate in this conversation.