Laravel policies always return false

Question

I have created policy, and add method view:

public function view(User $user, Contact $contact)
{
    return $user->id === $contact->manager;
} 

Then I have registered it:

protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    Contact::class => ContactPolicy::class,
]; 

And then I have tried to use it with controller helper:

public function view($id)
{
    $contact = Contact::find($id);
    $user = Auth::user();

    $this->authorize('view', $contact);

    return view('contact.edit')->with('contact', $contact);
}

And middleware:

Route::get('/contact/edit/{id}', 'EditContactController@view')->middleware('can:view,contact');

But I always get 403 error. contact->manager and user->id are the same. Also, Contact table scheme:

CREATE TABLE `contacts` (
  `id` int(11) NOT NULL,
  `first_name` varchar(25) NOT NULL,
  `last_name` varchar(25) NOT NULL,
  `email` varchar(35) NOT NULL,
  `home_phone` int(10) DEFAULT NULL,
  `work_phone` int(10) DEFAULT NULL,
  `cell_phone` int(10) DEFAULT NULL,
  `best_phone` enum('home_phone','work_phone','cell_phone') NOT NULL,
  `address_1` varchar(100) DEFAULT NULL,
  `address_2` varchar(100) DEFAULT NULL,
  `city` varchar(35) DEFAULT NULL,
  `state` varchar(35) DEFAULT NULL,
  `zip` int(6) DEFAULT NULL,
  `country` varchar(35) DEFAULT NULL,
  `birth_date` date DEFAULT NULL,
  `manager` int(11) UNSIGNED NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Answer 1

I`ve just replaced

protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    Contact::class => ContactPolicy::class,
]; 

with

protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    'App\Contact' => 'App\Policies\ContactPolicy',
];

and now it works with $this->authorize('view', $contact);, but middleware still return 403

Answer 2

I know this is an old question, but if anyone else runs across this, make sure you look at your controller to determine if the model is being declared in the function call

in the original poster's code, it should be

EditController.php

public function view(Contact $contact)

and the web.php

Route::get('/contact/edit/{contact}', 'EditContactController@view')->middleware('can:view,contact');

so that the dependency injection can work properly.

Answer 3

You can check the pluralizations if you translate the model in your lang.

Let me explain:

Example: Model Pagamento

Url slugs: pagamenti

In my case using the check inside the functions works fine, but not works using constructor:

 public function edit(Pagamento $pagamenti)
  {

   $this->authorize('update', $pagamenti);
   //..

I changed:

public function __construct()
{

    //Abilita su tutto il resource
    //$this->authorizeResource(Pagamento::class,'pagamento'); // Not Works
    $this->authorizeResource(Pagamento::class,'pagamenti'); // Works

}

Now works fine ;)

Hope can help ;)

Answer 4

Kindly check your route link to that method if it has your middleware if not you can set it like.

Route::get('/view', CONTROLLER@view)->middleware('YOUR-MIDDLEWARE');

Example:

Route::get('/view', UserController@view)->middleware('auth:user');