From 1c0eeb4bb0f3ef41423f6163317ee829954448e8 Mon Sep 17 00:00:00 2001
From: Miguel N
Date: Mon, 21 Dec 2020 01:02:05 +0000
Subject: [PATCH] Added Gate authorization arguments

Gate Auth arguments were missing for TeamFile and Team controllers. This means that Gate has no idea where to look for policies, meaning that the ability passed is perceived literally, causing an Unauthorized error. Adding the Model with which to authorize the request solved the error since Gate now knows which policy to look in for permission logic.
---
 app/Http/Controllers/TeamController.php | 42 +++++++++++---------
 app/Http/Controllers/TeamFileController.php | 8 ++--
 2 files changed, 27 insertions(+), 23 deletions(-)

diff --git a/app/Http/Controllers/TeamController.php b/app/Http/Controllers/TeamController.php
index 30b217a..0c90166 100755
--- a/app/Http/Controllers/TeamController.php
+++ b/app/Http/Controllers/TeamController.php
@@ -40,11 +40,11 @@ class TeamController extends Controller
 /**
 * Display a listing of the resource.
 *
- * @return \Illuminate\Http\Response
+ * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Illuminate\Http\Response
 */
 public function index()
 {
- $this->authorize('index');
+ $this->authorize('index', Team::class);
 $teams = Team::with('users.roles')->get();
@@ -55,12 +55,13 @@ class TeamController extends Controller
 /**
 * Store a newly created resource in storage.
 *
- * @param \Illuminate\Http\Request $request
- * @return \Illuminate\Http\Response
+ * @param NewTeamRequest $request
+ * @return \Illuminate\Http\RedirectResponse
+ * @throws \Illuminate\Auth\Access\AuthorizationException
 */
 public function store(NewTeamRequest $request)
 {
- $this->authorize('create');
+ $this->authorize('create', Team::class);
 $team = Team::create([
 'name' => $request->teamName,
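Review bot: The `index()` docblock in the first hunk widens `@return` but does not gain the `@throws` tag that `store()`, `edit()` and `update()` receive in this same commit, although `index()` also calls `$this->authorize(...)`. Add `* @throws \Illuminate\Auth\Access\AuthorizationException` under the `@return` line so the controller's docblocks stay consistent about the denial path. The body of `index()` continues past the hunk.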
@@ -77,27 +78,30 @@ class TeamController extends Controller
 /**
 * Show the form for editing the specified resource.
 *
- * @param int $id
- * @return \Illuminate\Http\Response
+ * @param Team $team
+ * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Illuminate\Http\Response
+ * @throws \Illuminate\Auth\Access\AuthorizationException
 */
 public function edit(Team $team)
 {
 $this->authorize('update', $team);
-
 return view('dashboard.teams.edit-team')
- ->with('team', $team)
- ->with('users', User::all())
- ->with('vacancies', Vacancy::with('teams')->get()->all());
+ ->with([
+ 'team' => $team,
+ 'users' => User::all(),
+ 'vacancies' => Vacancy::with('teams')->get()->all()
+ ]);
 }
 /**
 * Update the specified resource in storage.
 *
- * @param \Illuminate\Http\Request $request
- * @param int $id
+ * @param EditTeamRequest $request
+ * @param Team $team
 * @return \Illuminate\Http\Response
+ * @throws \Illuminate\Auth\Access\AuthorizationException
 */
- public function update(EditTeamRequest $request, Team $team)
+ public function update(EditTeamRequest $request, Team $team): \Illuminate\Http\Response
 {
 $this->authorize('update', $team);
@@ -120,10 +124,10 @@ class TeamController extends Controller
 */
 public function destroy($id)
 {
- //
+ // wip
 }
- public function invite(SendInviteRequest $request, Team $team)
+ public function invite(SendInviteRequest $request, Team $team): \Illuminate\Http\RedirectResponse
 {
 $this->authorize('invite', $team);
@@ -146,7 +150,7 @@ class TeamController extends Controller
 return redirect()->back();
 }
- public function processInviteAction(Request $request, $action, $token)
+ public function processInviteAction(Request $request, $action, $token): \Illuminate\Http\RedirectResponse
 {
 switch ($action) {
 case 'accept':
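Review bot: The return type added to `update()`, `: \Illuminate\Http\Response`, will raise a TypeError at runtime if the method ends in a redirect, because `\Illuminate\Http\RedirectResponse` is not a subclass of `\Illuminate\Http\Response`. The body of `update()` continues past this hunk, so this is inferred from the sibling actions `invite`, `switchTeam` and `assignVacancies`, which this commit all types as `RedirectResponse`. If `update()` returns `redirect()->back()` or similar, declare it as `public function update(EditTeamRequest $request, Team $team): \Illuminate\Http\RedirectResponse` and change the `@return` tag to match.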
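Review bot: `destroy($id)` stays an empty stub (`// wip`) with no `$this->authorize(...)` call, unlike every other action this commit touches. If a route already points at it, which is not visible here, the request completes with an empty response and no permission check. Fail closed until it is implemented, for example `abort(501);`, and when the body is written bind the model and authorize on the instance, `$this->authorize('delete', $team);`, assuming the Team policy defines that ability. The docblock of `destroy()` starts outside the hunk.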
@@ -184,7 +188,7 @@ class TeamController extends Controller
 return redirect()->to(route('teams.index'));
 }
- public function switchTeam(Request $request, Team $team)
+ public function switchTeam(Request $request, Team $team): \Illuminate\Http\RedirectResponse
 {
 $this->authorize('switchTeam', $team);
@@ -200,7 +204,7 @@ class TeamController extends Controller
 }
 // Since it's a separate form, we shouldn't use the same update method
- public function assignVacancies(Request $request, Team $team)
+ public function assignVacancies(Request $request, Team $team): \Illuminate\Http\RedirectResponse
 {
 $this->authorize('update', $team);
diff --git a/app/Http/Controllers/TeamFileController.php b/app/Http/Controllers/TeamFileController.php
index fe92559..81857fe 100755
--- a/app/Http/Controllers/TeamFileController.php
+++ b/app/Http/Controllers/TeamFileController.php
@@ -32,7 +32,7 @@ class TeamFileController extends Controller
 */
 public function index(Request $request)
 {
- $this->authorize('index');
+ $this->authorize('index', TeamFile::class);
 if (is_null(Auth::user()->currentTeam)) {
@@ -53,7 +53,7 @@ class TeamFileController extends Controller
 */
 public function store(UploadFileRequest $request)
 {
- $this->authorize('store');
+ $this->authorize('store', TeamFile::class);
 $upload = $request->file('file');
@@ -87,7 +87,7 @@ class TeamFileController extends Controller
 public function download(Request $request, TeamFile $teamFile)
 {
- $this->authorize('download');
+ $this->authorize('download', TeamFile::class);
 try {
@@ -133,7 +133,7 @@ class TeamFileController extends Controller
 */
 public function destroy(Request $request, TeamFile $teamFile)
 {
- $this->authorize('delete');
+ $this->authorize('delete', $teamFile);
 try {
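Review bot: In `TeamFileController::download()` the check `$this->authorize('download', TeamFile::class)` passes the class name although the route-bound `$teamFile` is in scope, so the policy method receives only the user and cannot verify that this particular file belongs to the user's team. Unless the body does its own ownership check, which the hunk does not show, the decision is class-level only and the file is selected purely by the id in the URL; `destroy()` in this same commit already passes the instance. Use `$this->authorize('download', $teamFile);` and have the policy compare the file's team with the user's current team. The policy is not visible here, so confirm its `download` method accepts a `TeamFile` argument. The body of `download()` continues past the hunk.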