I have this setup:-
\App\Policies\ObservationPolicy
<?php
namespace App\Policies;
use App\Observation;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class ObservationPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function edit(User $user, Observation $observation)
{
return $user->id == $observation->user_id;
}
}
Auth Service provider :
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
'App\Observation' => 'App\Policies\ObservationPolicy'
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
//
}
}
When i tried in view file with this statement :-
@can('edit', $observation)
@endcan
It worked without any issue.
But when i used in Controller :
public function edit($id,Observation $observation)
{
$this->authorize('edit', $observation);
return view('mypage');
}
it always return error :- AccessDeniedHttpException This action is unauthorized
The route that i accessed is :- Route::get('/Observation/{id}/edit', 'ObservationController@edit');