The policy does not work on the index apiResource call. Always returns 403..
My ProjectPolicy is this:
class ProjectPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any projects.
*
* #param \App\User $user
* #return mixed
*/
public function viewAny(User $user)
{
return true;
}
...
My ProjectController used this:
class ProjectController extends Controller
{
public function __construct()
{
$this->authorizeResource(ProjectPolicy::class, 'project');
}
...
I registered the policy:
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* #var array
*/
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
Project::class => ProjectPolicy::class,
];
Everything works except the index method call:
/**
* Display a listing of the resource.
*
* #param Request $request
* #return Response
*/
public function index(Request $request)
{
return $request->user()->projects()->get();
}
In the project controller constructor, you need to authorize the resource (model) not the policy itself
public function __construct()
{
$this->authorizeResource(\App\Project::class, 'project');
}
Also make sure that the user making the request is authenticated, can't have guests authorized
But if you want guests to be authorized, you may mark the User model nullable/optional on the Dependency injection on the Policy class
/**
* Determine whether the user can view any projects.
*
* #param \App\User $user
* #return mixed
*/
public function viewAny(?User $user)
{
return true;
}
Hope this helps
Related
Atm, I use a steamauth API to grab a users steamid and pass it into user->steamid, but I want to restrict it to, if the field named steamid in users is not null(has already a steamid) they cant enter the route and will get a redirect back. I have tried for several hours now, but i cant seem to get it to working. This is my AuthController atm:
use Invisnik\LaravelSteamAuth\SteamAuth;
use App\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;
class AuthController extends Controller
{
/**
* The SteamAuth instance.
*
* #var SteamAuth
*/
protected $steam;
/**
* The redirect URL.
*
* #var string
*/
protected $redirectURL = '/';
/**
* AuthController constructor.
*
* #param SteamAuth $steam
*/
public function __construct(SteamAuth $steam)
{
$this->steam = $steam;
$this->middleware('auth');
}
/**
* Redirect the user to the authentication page
*
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function redirectToSteam()
{
return $this->steam->redirect();
}
/**
* Get user info and log in
*
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function handle()
{
if ($this->steam->validate()) {
$info = $this->steam->getSteamId();
if (!is_null($info)) {
Auth::user()->update(['steamid' => $info]);
return redirect($this->redirectURL); // redirect to site
}
}
return $this->redirectToSteam();
}
Added this custom middleware and it works:
public function handle($request, \Closure $next)
{
/*$user = User::where('steamid', $request)->first();
if (!is_null($user)) {
return redirect('/profile');
}*/
if ($request->user()->steamid !== null){
return redirect('/profile')->with('denied', 'Du kan kun tilføje én steamprofil');
}
return $next($request);
}
I have a problem when i validate a request with a FormRequest extended class. Because is redirecting when a bad request is recived and i need a response with the validation errors.
I'm using:
PHP 7.1.1 (cli) (built: Jan 18 2017 18:51:14) ( ZTS MSVC14 (Visual C++ 2015) x86 )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies.
Laravel v5.5.2.
My FormRequest class:
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class BillRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* #return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* #return array
*/
public function rules()
{
return [
'testfield' => 'required'
];
}
}
My Controller:
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Requests\BillRequest;
use App\Bill;
class BillController extends Controller
{
/**
* Display a listing of the resource.
*
* #return \Illuminate\Http\Response
*/
public function index(BillRequest $request)
{
$bills = Bill::paginate(10);
return $bills;
}
/**
* Show the form for creating a new resource.
*
* #return \Illuminate\Http\Response
*/
public function create()
{
//
}
/**
* Store a newly created resource in storage.
*
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
*/
public function store(BillRequest $request)
{
$bill = new Bill($request->all());
$bill->save();
return response('', 201);
}
/**
* Display the specified resource.
*
* #param int $id
* #return \Illuminate\Http\Response
*/
public function show($id)
{
$bill = Bill::find($id);
$bill->customer->person;
$bill->vehicle;
$bill->items;
return response($bill, 200);
}
/**
* Show the form for editing the specified resource.
*
* #param int $id
* #return \Illuminate\Http\Response
*/
public function edit($id)
{
//
}
/**
* Update the specified resource in storage.
*
* #param \Illuminate\Http\Request $request
* #param int $id
* #return \Illuminate\Http\Response
*/
public function update(BillRequest $request, $id)
{
$bill = Bill::find($id);
$bill->fill($request->all());
$bill->save();
return response('', 200);
}
/**
* Remove the specified resource from storage.
*
* #param int $id
* #return \Illuminate\Http\Response
*/
public function destroy($id)
{
$bill = Bill::find($id);
$bill->delete();
return response('', 204);
}
}
Route (api.php):
<?php
use Illuminate\Http\Request;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::group(['prefix' => 'admin' ], function () {
Route::resource('bills', 'BillController', [
'only' => ['index', 'update', 'show']
]);
});
Finally, the response with the field 'testfield' (in the request) is the JSON with the data paginated. But when i send the request without the field then redirect to localhost:8000/
I solved the problem. It's for a missing header in the request.
Content-Type:application/json
X-Requested-With:XMLHttpRequest
I experience the same problem using Laravel 5.5.3
There are many people who recommend to overwrite the response method in the custom FormRequest class, anyway this doesn't seem to work any longer since the method failedValidation is called before. This method throws an Illuminate\Validation\ValidationException.
You can catch this exception in app/Exceptions/Handler.php
To validate json in Laravel, check Laravel documentation
https://laravel.com/docs/5.5/validation#available-validation-rules
i have a work on create custom driver in laravel 5.2.My code is below here.
my auth.php has
'providers' => [
'users' => [
'driver' => 'bootsgrid',
],
And my app.php have
App\Bootsgrid\Authentication\AuthServiceProvider::class,
my custom driver controller below there
<?php
namespace App\Bootsgrid\Authentication;
use Auth;
use App\Bootsgrid\Authentication\UserProvider;
use Illuminate\Support\ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* Perform post-registration booting of services.
*
* #return void
*/
public function boot()
{
Auth::provider('bootsgrid', function($app, array $config) {
return new UserProvider();
});
}
/**
* Register bindings in the container.
*
* #return void
*/
public function register()
{
//
}
}
And my provider file there
<?php
namespace App\Bootsgrid\Authentication;
use App\Bootsgrid\Authentication\User;
use Illuminate\Contracts\Auth\UserProvider as IlluminateUserProvider;
class UserProvider implements IlluminateUserProvider
{
/**
* #param mixed $identifier
* #return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveById($identifier)
{
// Get and return a user by their unique identifier
}
/**
* #param mixed $identifier
* #param string $token
* #return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByToken($identifier, $token)
{
// Get and return a user by their unique identifier and "remember me" token
}
/**
* #param \Illuminate\Contracts\Auth\Authenticatable $user
* #param string $token
* #return void
*/
public function updateRememberToken(Authenticatable $user, $token)
{
// Save the given "remember me" token for the given user
}
/**
* Retrieve a user by the given credentials.
*
* #param array $credentials
* #return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByCredentials(array $credentials)
{
// Get and return a user by looking up the given credentials
}
/**
* Validate a user against the given credentials.
*
* #param \Illuminate\Contracts\Auth\Authenticatable $user
* #param array $credentials
* #return bool
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
// Check that given credentials belong to the given user
}
}
This is all my code but i got a error below this
Declaration of App\Bootsgrid\Authentication\UserProvider::updateRememberToken() must be compatible with Illuminate\Contracts\Auth\UserProvider::updateRememberToken(Illuminate\Contracts\Auth\Authenticatable $user, $token)
i dont know How to fix it.please help me.
Put this underneath your namespace declaration: use Illuminate\Contracts\Auth\Authenticatable;.
My folder structure for controllers is:
and I use following route code to access those controllers.
here I have allocated sub-folders inside Controller folder and updated namespaces as per needed on files and routes accordingly, this works perfectly, however when I use request file for validating form. It gives error:
Argument 1 passed to App\Http\Controllers\site\usersController::store()
must be an instance of Illuminate\Http\Request, string given
but when I move all controllers file to Controller folder and don't use sub-folder,form request validation works.My usersController and UserRegReq request files are:
usersController.php
<?php
namespace App\Http\Controllers\zcms;
use Illuminate\Http\Request;
use App\Services\FieldService;
use App\Services\UserService;
use App\Http\Requests;
use App\Http\Requests\UserRegReq;
use App\Http\Controllers\Controller;
class usersController extends Controller {
public function __construct(FieldService $field, UserService $user)
{
$this->field = $field;
$this->user = $user;
}
/**
* Display a listing of the resource.
*
* #return Response
*/
public function index()
{
//
}
/**
* Display a listing of the resource.
*
* #return Response
*/
public function throwLogin()
{
return view('zcms.pages.login');
}
/**
* Show the form for creating a new resource.
*
* #return Response
*/
public function create()
{
$field = $this->field->fieldList();
return view('zcms.users.addnew', compact('field'));
}
/**
* Store a newly created resource in storage.
*
* #param Request $request
* #return Response
*/
public function store(UserRegReq $request)
{
return "hello";
}
/**
* Display the specified resource.
*
* #param int $id
* #return Response
*/
public function show($id)
{
//
}
/**
* Show the form for editing the specified resource.
*
* #param int $id
* #return Response
*/
public function edit($id)
{
//
}
/**
* Update the specified resource in storage.
*
* #param Request $request
* #param int $id
* #return Response
*/
public function update(Request $request, $id)
{
//
}
/**
* Remove the specified resource from storage.
*
* #param int $id
* #return Response
*/
public function destroy($id)
{
//
}
}
UserRegReq.php
<?php
namespace App\Http\Requests;
use App\Http\Requests\Request;
class UserRegReq extends Request {
/**
* Determine if the user is authorized to make this request.
*
* #return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* #return array
*/
public function rules()
{
return [
'field_id' => 'required',
'name' => 'required',
'username' => 'required',
'password' => 'required'
];
}
// public function messages(){
// return [
// 'field_id.required'=>'The related Field of your Job is required',
// ];
// }
}
What should I do beside updating namespace in routes and controller file to make everything work?
I have created a productController resource in the route.php file like this:-
Route::resource('products','ProductController',['names' => ['create' => 'products.add']]);
Here is how my productController.php file looks like:-
<?php namespace lvtest\Http\Controllers;
use lvtest\Http\Requests;
use lvtest\Product;
use lvtest\Http\Controllers\Controller;
use Illuminate\Http\Request;
class ProductController extends Controller {
/**
* Class constructor .. requires authentication
*/
public function __construct()
{
$this->middleware('auth');
}
/**
* Display a listing of the resource.
*
* #return Response
*/
public function index()
{
$products = Product::all();
return view('products.productsList', ['products' => $products]);
}
/**
* Show the form for creating a new resource.
*
* #return Response
*/
public function add()
{
return 'Add a product';
}
/**
* Store a newly created resource in storage.
*
* #return Response
*/
public function store()
{
return 'store new product?';
}
/**
* Display the specified resource.
*
* #param int $id
* #return Response
*/
public function show($id = null)
{
// $products = Product::all();
// print_r($products);
}
/**
* Show the form for editing the specified resource.
*
* #param int $id
* #return Response
*/
public function edit($id)
{
//
}
/**
* Update the specified resource in storage.
*
* #param int $id
* #return Response
*/
public function update($id)
{
return 'store new product?';
}
/**
* Remove the specified resource from storage.
*
* #param int $id
* #return Response
*/
public function destroy($id)
{
//
}
}
and passed the 'names' array to change the default name of the create method to add.
When I go to localhost:8000/products/add I get a blank page.
How do I fix this
Adding the ['names' => ['create' => 'products.add'] to your resource route will only change the Route Name, and not the Route Method. This means that you can refer to your route as route('products.add') and it will point to the create() method on your controller.
When you use Route::resource Laravel will expect that you have a create() method on your controller. To be able to do what you suggest, you might need to add the method to your controller, and then add a separate route:
Route::resource('products','ProductController');
Route::get('products/add', ['as' => 'products.add', 'uses' => 'ProductController#add']);