
m4ckg's avatar
Level 1

403 - This action is unauthorized

Hey Guys,

I'm new to laravel and I keep stumbling on this 403 not authorized error when I try to run an update function in one of my controllers.

I created a model/controller for "Procedures" and was able to create a form to allow the user to make and store these in the database and show them on the front-end, however I'm stuck on creating the "edit" area.

Here's my controller:

<?php

namespace App\Http\Controllers;

use App\User;
use App\Procedure;
use Illuminate\Http\Request;
use Intervention\Image\Facades\Image;

/**
 * Controller for listing, creating, showing and editing procedures.
 */
class ProceduresController extends Controller
{
    public function __construct()
    {
        // `auth` only requires a signed-in user (authentication). It does not
        // decide which procedures that user may read or change.
        $this->middleware('auth');
    }

    // Renders the procedures index view with the signed-in user.
    public function index()
    {
        $user = auth()->user();
        return view('procedures.index', compact('user'));
    }

    // Shows the edit form for the route-bound procedure.
    // NOTE(review): no ownership check is visible here, so any signed-in user
    // can open the form for any procedure id; confirm that is intended.
    public function edit(\App\Procedure $procedure)
    {
        return view('procedures.edit', compact('procedure'));
    }

    // Validates the edit form, stores the upload and writes the new values.
    // NOTE(review): this action takes no Procedure argument, and the update()
    // call below runs on the user's whole procedures() relation rather than on
    // a single record. It also returns no response after the write.
    public function update()
    {
        $data = request()->validate([
            'title' => 'required',
            'category' => 'required',
            'item' => 'required',
            // `image` rejects uploads that are not images; `required` forces a
            // new upload on every edit.
            'image' => ['required','image'],
        ]);

        // Writes the upload under uploads/ on the `public` disk and keeps the
        // path that store() returns.
        $imagePath =request('image')->store('uploads','public');

        // Re-opens the stored file, fits it to 500x250 and saves it in place.
        $image = Image::make(public_path("storage/{$imagePath}"))->fit(500, 250);
        $image->save();

        auth()->user()->procedures()->update([
            'title' => $data['title'],
            'category' => $data['category'],
            'item' => $data['item'],
            'image' => $imagePath,
        ]);
    }


    // Shows the empty "new procedure" form.
    public function create()
    {
        return view('procedures.create');
    }

    // Validates the form, stores and resizes the image, then creates the
    // procedure through the signed-in user's relation.
    public function store()
    {
        $data = request()->validate([
            'title' => 'required',
            'category' => 'required',
            'item' => 'required',
            'image' => ['required','image'],
        ]);

        $imagePath =request('image')->store('uploads','public');

        $image = Image::make(public_path("storage/{$imagePath}"))->fit(500, 250);
        $image->save();

        // Creating through the relation ties the new record to this user.
        auth()->user()->procedures()->create([
            'title' => $data['title'],
            'category' => $data['category'],
            'item' => $data['item'],
            'image' => $imagePath,
        ]);

        return redirect('/profile/' . auth()->user()->id);
    }

        // Shows a single route-bound procedure.
        public function show(\App\Procedure $procedure)
        {
            return view('procedures.show', compact('procedure'));
        }

}

Here's my Routes file:

<?php

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/


// Registers the framework's authentication routes.
Auth::routes();

// Returns the welcome mailable directly as the response.
// NOTE(review): no middleware is attached to this route as declared here, so
// it looks reachable without signing in; confirm it is a development-only
// preview and not meant to ship.
Route::get('/email', function (){
    return new \App\Mail\NewUserWelcomeMail();
});

Route::get('/', 'HomeController@index');

// Procedure routes. '/c/create' is declared before '/c/{procedure}' so the
// literal segment is matched before the wildcard.
Route::get('/c', 'ProceduresController@index');
Route::get('/c/create', 'ProceduresController@create');
Route::get('/c/{procedure}', 'ProceduresController@show');
Route::get('/c/{procedure}/edit', 'ProceduresController@edit');
// NOTE(review): every other '/c' route targets ProceduresController, but this
// PATCH is handled by ProfilesController@update, so the procedure edit form is
// submitted to the profile update action.
Route::patch('/c/{procedure}', 'ProfilesController@update');
Route::post('/c', 'ProceduresController@store');



// Profile routes, each with a route name.
Route::get('/profile/{user}', 'ProfilesController@index')->name('profile.show');
Route::get('/profile/{user}/edit', 'ProfilesController@edit')->name('profile.edit');
Route::patch('/profile/{user}', 'ProfilesController@update')->name('profile.update');

Here's my edit.blade.php file:

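@extends('layouts.app')

@section('content')
    {{-- Edit form for one procedure. Values are printed with the double-curly echo syntax, which HTML-escapes them. --}}
    <div class="container">
        {{-- HTML forms only send GET or POST, so the PATCH verb is spoofed below and the CSRF token is included. --}}
        <form action="/c/{{ $procedure->id }}" enctype="multipart/form-data" method="post">
            @method('PATCH')
            @csrf

            <div class="row">
                <div class="col-8 offset-2">

                    <div class="row">
                        <h1>Edit Case</h1>
                    </div>

                    <div class="form-group row">
                        {{-- The for attribute is case-sensitive and must equal the input id. --}}
                        <label for="title" class="col-md-4 col-form-label">Case Title</label>

                        <input id="title"
                               type="text"
                               class="form-control @error('title') is-invalid @enderror"
                               name="title" value="{{ old('title') ?? $procedure->title }}"
                               autocomplete="title" autofocus>

                        @error('title')
                            <span class="invalid-feedback" role="alert">
                                <strong>{{ $message }}</strong>
                            </span>
                        @enderror
                    </div>

                    <div class="row">
                        <label for="category" class="col-md-4 col-form-label">Case Category</label>

                        {{-- "category" is not a valid input type; plain text is what the browser fell back to. --}}
                        <input id="category"
                               type="text"
                               class="form-control @error('category') is-invalid @enderror"
                               name="category" value="{{ old('category') ?? $procedure->category }}"
                               autocomplete="category">

                        @error('category')
                            <span class="invalid-feedback" role="alert">
                                <strong>{{ $message }}</strong>
                            </span>
                        @enderror
                    </div>

                    <div class="row">
                        <label for="item" class="col-md-4 col-form-label">Item</label>

                        <input id="item"
                               type="text"
                               class="form-control @error('item') is-invalid @enderror"
                               name="item" value="{{ old('item') ?? $procedure->item }}"
                               autocomplete="item">

                        @error('item')
                            <span class="invalid-feedback" role="alert">
                                <strong>{{ $message }}</strong>
                            </span>
                        @enderror
                    </div>

                    <div class="row">
                        <label for="image" class="col-md-4 col-form-label">Change Mayo Stand Image</label>
                        <img src="/storage/{{ $procedure->image }}" width="500" alt="Current Mayo stand image">
                        {{-- accept is only a file-picker hint; the server-side image validation rule is the real control. --}}
                        <input type="file" class="form-control-file" id="image" name="image" accept="image/*">

                        @error('image')
                            <strong>{{ $message }}</strong>
                        @enderror
                    </div>

                    <div class="row pt-4">
                        <button type="submit" class="btn btn-primary">Update Case</button>
                    </div>

                </div>
            </div>
        </form>
    </div>
@endsection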

I am able to access the edit page and see the info but when I click on the "Update Case" button it gives me the "403 - This action is unauthorized" error. I have tried all day to figure this out and still have not been able to... Any help would be greatly appreciated!

jeffreyvanrossum's avatar

You're posting to the ProfilesController in your routes file.

Route::patch('/c/{procedure}', 'ProfilesController@update');

ejdelmonico's avatar

You have $this->middleware('auth'); in the constructor, so every action in this controller requires an authenticated (signed-in) user. And, yes, you listed the wrong controller in your route.

m4ckg's avatar
Level 1

Wow thank you guys, can't believe I overlooked that ...

m4ckg's avatar
Level 1

So I've updated my routes to the correct paths, and now when I update the text fields it works perfectly, but for some reason when I upload and save a new image I get this error:

Method Illuminate\Http\UploadedFile::update does not exist.

I tried tweaking the ProceduresController a bit.. I feel like I'm not storing the image properly:

<?php

namespace App\Http\Controllers;

use App\User;
use App\Procedure;
use Illuminate\Http\Request;
use Intervention\Image\Facades\Image;

/**
 * Controller for listing, creating, showing and editing procedures
 * (second revision posted in the thread).
 */
class ProceduresController extends Controller
{
    public function __construct()
    {
        // Authentication only: requires a signed-in user, nothing more.
        $this->middleware('auth');
    }

    // Renders the procedures index view with the signed-in user.
    public function index()
    {
        $user = auth()->user();
        return view('procedures.index', compact('user'));
    }

    // Shows the edit form for the route-bound procedure.
    public function edit(\App\Procedure $procedure)
    {
        return view('procedures.edit', compact('procedure'));
    }

    // Validates the edit form and writes the new values.
    public function update()
    {
        $data = request()->validate([
            'title' => 'required',
            'category' => 'required',
            'item' => 'required',
            // NOTE(review): an empty rule string applies no checks, so the
            // upload is no longer verified to be an image before it is written
            // to the publicly served disk.
            'image' => '',
        ]);

        if (request('image')) {
        // The uploaded file offers store(), not update(); this call is where
        // the "UploadedFile::update does not exist" error quoted above comes from.
        $imagePath =request('image')->update('uploads','public');

        $image = Image::make(public_path("storage/{$imagePath}"))->fit(500, 250);
        $image->save();
        }

        // NOTE(review): $imagePath is never put into $data, and the write is
        // issued on the user's whole procedures() relation, not on one record.
        auth()->user()->procedures()->update($data);

        return redirect('/c');
    }


    // Shows the empty "new procedure" form.
    public function create()
    {
        return view('procedures.create');
    }

    // Validates the form, stores and resizes the image, then creates the
    // procedure through the signed-in user's relation.
    public function store()
    {
        $data = request()->validate([
            'title' => 'required',
            'category' => 'required',
            'item' => 'required',
            'image' => ['required','image'],
        ]);

        $imagePath =request('image')->store('uploads','public');

        $image = Image::make(public_path("storage/{$imagePath}"))->fit(500, 250);
        $image->save();

        auth()->user()->procedures()->create([
            'title' => $data['title'],
            'category' => $data['category'],
            'item' => $data['item'],
            'image' => $imagePath,
        ]);

        return redirect('/profile/' . auth()->user()->id);
    }

        // Shows a single route-bound procedure.
        public function show(\App\Procedure $procedure)
        {
            return view('procedures.show', compact('procedure'));
        }

}

Again all help is greatly appreciated!

Thanks again,

Snapey's avatar

you are using store() in the store method, which presumably works?

move the image save functionality to a function and then call it from both update and store methods

m4ckg's avatar
Level 1

Yes (store) is working under "public function store()", could you please clarify what you mean about creating a new function for storing the image? Thanks

Snapey's avatar

like


/**
 * Placeholder for the shared image-saving step, to be called from both the
 * store and update actions so the upload handling exists in one place.
 *
 * @param mixed $request the request carrying the upload (type not shown in the thread)
 */
private function saveImage($request)
{
    // image save code here

}

then in your controller functions call $this->saveImage($request) and dry up your code

m4ckg's avatar
Level 1

Thanks Snapey,

So I was able to get the image to save by simply switching ->update to ->store, but now I'm having 2 new issues...

First one is that when I edit one procedure, the edit reflects on all procedures (if I edit the title of one, all titles change).

The second one is that when I edit a procedure without adding an image, it gives me this error:

"Undefined variable: imagePath"

If I do upload an image it works (but still updates all the procedures not just one)...

Here's the updated Controller code:

<?php

namespace App\Http\Controllers;

use App\User;
use App\Procedure;
use Illuminate\Http\Request;
use Intervention\Image\Facades\Image;

/**
 * Controller for listing, creating, showing and editing procedures
 * (third revision posted in the thread).
 */
class ProceduresController extends Controller
{
    public function __construct()
    {
        // Authentication only: requires a signed-in user, nothing more.
        $this->middleware('auth');
    }

    // Renders the procedures index view with the signed-in user.
    public function index()
    {
        $user = auth()->user();
        return view('procedures.index', compact('user'));
    }

    // Shows the edit form for the route-bound procedure.
    public function edit(\App\Procedure $procedure)
    {
        return view('procedures.edit', compact('procedure'));
    }

    // Validates the edit form, optionally stores a new image and writes the values.
    // NOTE(review): $procedure is bound from the route but never used below.
    public function update(\App\Procedure $procedure)
    {

        $data = request()->validate([
            'title' => 'required',
            'category' => 'required',
            'item' => 'required',
            // NOTE(review): the empty rule string applies no checks, so the
            // upload is not verified to be an image before it is written to
            // the publicly served disk.
            'image' => '',
        ]);

        // $imagePath is assigned only when a file was sent.
        if (request('image')) {
        $imagePath =request('image')->store('uploads','public');

        $image = Image::make(public_path("storage/{$imagePath}"))->fit(500, 250);
        $image->save();
        }

        // The update is issued on the user's procedures() relation, so it is
        // not limited to the bound $procedure; this matches the "edit reflects
        // on all procedures" symptom described above. $imagePath is read here
        // unconditionally, which is the "Undefined variable: imagePath" case.
        auth()->user()->procedures()->update([
            'title' => $data['title'],
            'category' => $data['category'],
            'item' => $data['item'],
            'image' => $imagePath,
        ]);

        return redirect('/c');
    }


    // Shows the empty "new procedure" form.
    public function create()
    {
        return view('procedures.create');
    }

    // Validates the form, stores and resizes the image, then creates the
    // procedure through the signed-in user's relation.
    public function store()
    {
        $data = request()->validate([
            'title' => 'required',
            'category' => 'required',
            'item' => 'required',
            'image' => ['required','image'],
        ]);

        $imagePath =request('image')->store('uploads','public');

        $image = Image::make(public_path("storage/{$imagePath}"))->fit(500, 250);
        $image->save();

        auth()->user()->procedures()->create([
            'title' => $data['title'],
            'category' => $data['category'],
            'item' => $data['item'],
            'image' => $imagePath,
        ]);

        return redirect('/profile/' . auth()->user()->id);
    }

        // Shows a single route-bound procedure.
        public function show(\App\Procedure $procedure)
        {
            return view('procedures.show', compact('procedure'));
        }

}
m4ckg's avatar
Level 1

I just solved both problems, thanks again for all your help guys, here is the final code I wrote for the controller which is currently working properly:

<?php

namespace App\Http\Controllers;

use App\User;
use App\Procedure;
use Illuminate\Http\Request;
use Intervention\Image\Facades\Image;

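/**
 * Controller for listing, creating, showing and editing procedures ("cases").
 *
 * The `auth` middleware registered in the constructor only establishes that a
 * user is signed in. Which procedure that user may modify is decided per
 * action, by checking the bound record against the user's own procedures()
 * relation.
 */
class ProceduresController extends Controller
{
    public function __construct()
    {
        // Authentication only; per-record authorization happens in the actions.
        $this->middleware('auth');
    }

    /**
     * Render the procedures index view for the signed-in user.
     */
    public function index()
    {
        $user = auth()->user();

        return view('procedures.index', compact('user'));
    }

    /**
     * Show the edit form for a procedure that belongs to the signed-in user.
     *
     * Responds with 403 when the bound procedure is not one of the user's own,
     * so the form is never offered for a record the update action would refuse.
     */
    public function edit(\App\Procedure $procedure)
    {
        $this->ensureOwnedByCurrentUser($procedure);

        return view('procedures.edit', compact('procedure'));
    }

    /**
     * Show the empty "new procedure" form.
     */
    public function create()
    {
        return view('procedures.create');
    }

    /**
     * Validate the form, store the resized image and create the procedure
     * through the signed-in user's relation, then redirect to their profile.
     */
    public function store()
    {
        // NOTE(review): depending on the framework version the `image` rule may
        // also admit SVG; add an explicit `mimes:` list if only raster formats
        // should be served from the public disk.
        $data = request()->validate([
            'title' => 'required',
            'category' => 'required',
            'item' => 'required',
            'image' => ['required', 'image'],
        ]);

        $imagePath = $this->storeResizedImage();

        // Creating through the relation ties the new record to this user.
        auth()->user()->procedures()->create([
            'title' => $data['title'],
            'category' => $data['category'],
            'item' => $data['item'],
            'image' => $imagePath,
        ]);

        return redirect('/profile/' . auth()->user()->id);
    }

    /**
     * Show a single route-bound procedure.
     */
    public function show(\App\Procedure $procedure)
    {
        return view('procedures.show', compact('procedure'));
    }

    /**
     * Update one procedure owned by the signed-in user.
     *
     * The procedure id comes from the URL, so it is checked against the user's
     * own procedures before anything is written. A new image is optional, but
     * when one is sent it must pass the same `image` rule as in store().
     */
    public function update(\App\Procedure $procedure)
    {
        $this->ensureOwnedByCurrentUser($procedure);

        $data = request()->validate([
            'title' => 'required',
            'category' => 'required',
            'item' => 'required',
            // An empty rule here would let any file type reach the public disk.
            'image' => ['nullable', 'image'],
        ]);

        // Build the payload from named fields so that an absent or empty
        // `image` input can never overwrite the stored path.
        $attributes = [
            'title' => $data['title'],
            'category' => $data['category'],
            'item' => $data['item'],
        ];

        if (request()->hasFile('image')) {
            $attributes['image'] = $this->storeResizedImage();
        }

        $procedure->update($attributes);

        return redirect('/c');
    }

    /**
     * Abort with 403 unless the procedure is one of the signed-in user's own.
     *
     * Ownership is tested through the same procedures() relation that store()
     * creates records on, so no column name has to be assumed here.
     */
    private function ensureOwnedByCurrentUser(\App\Procedure $procedure)
    {
        $owned = auth()->user()
            ->procedures()
            ->whereKey($procedure->getKey())
            ->exists();

        abort_unless($owned, 403);
    }

    /**
     * Store the validated upload under uploads/ on the public disk, fit it to
     * 500x250 in place and return the stored path.
     *
     * Callers must have validated the `image` field before calling this.
     */
    private function storeResizedImage()
    {
        $imagePath = request()->file('image')->store('uploads', 'public');

        Image::make(public_path("storage/{$imagePath}"))->fit(500, 250)->save();

        return $imagePath;
    }
}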
devtiagofranca's avatar

Maybe you are using Form Requests to validate data. If that is the case, you need to adjust your validation in the rules method and return the result of your authorization check from the authorize method.

/**
 * Form Request authorization hook. The boolean returned here decides whether
 * the request may proceed; a false result is what Laravel reports as
 * "403 - This action is unauthorized".
 */
public function authorize()  
{
			// your additional authorization check here
			// return true|false;
}

/**
 * Validation rules applied to the incoming request data.
 */
public function rules()
{
			// your validations...
}
