laravellaravel-authenticationlaravel-authorizationlaravel-jwt

Laravel Policy Always returns 403 unauthorized

I'm making an app that uses jwt as authentication system ,

when I try to update my Category model the policy always returns 403 unauthorized,

I'm using apiResource to crud my model.

my code

in api.php:

Route::apiResource('category', CategoryController::class);

in CategoryController.php:

    public function update(Request $request, $id)
    {
        // print_r($request->all());
        $validator = Validator::make(
            $request->all(),
            [
                'name' => 'required|min:2|unique:categories,name,' . $request->id,
                'description' => 'required|min:1',
            ],
            [
                "name.unique" => "اسم الصنف مستخدم مسبقا",
                "name.required" => "اسم الصنف مطلوب",
                "name.min" => "اسم الصنف يجب أن يحتوي على حرفين على الأقل",

                "description.required" => "وصف الصنف مطلوب",
            ]
        );
        if ($validator->fails()) {
            return response()->json(['errors' => $validator->messages(), 'status' => 422], 200);
        }
        $category = Category::find($id);
        $category->name = $request->name;
        $category->description = $request->description;
        $category->save();
        return response()->json([
            "message" => "تم تحديث الصنف",
            "status" => 200
        ], 200);
    }

in CategoryPolicy.php:

    public function update(User $user, Category $category)
    {

        return $category->user_id === $user->id;
    }

It seems like the request is not even reaching the update method in CategoryPolicy.php because even if the method always returning true it's not working :

    public function update(User $user, Category $category)
    {

        return true;
    }

any way the viewAny method is working as expected.

I'm using axios to fetch and update data and I'm sending the request with the bearer token and every thing is working ok except the issue above.

Solution

  • In CategoryController.php, instead of injecting $id:

    public function update(Request $request, $id)

    Try injecting the type-hinted model instance:

    public function update(Request $request, Category $category)

    And remove the find() command:

    //$category = Category::find($id);

    When generating new controllers, you can also use this artisan command to include type-hinted models in the function arguments.

    php artisan make:controller CategoryController --api --model=Category