Added Gate authorization arguments

Gate Auth arguments were missing for TeamFile and Team controllers. This means that Gate has no idea where to look for policies, meaning that the ability passed is perceived literally, causing an Unauthorized error. Adding the Model with which to authorize the request solved the error since Gate now knows which policy to look in for permission logic.
2020-12-21 01:02:05 +00:00 · 2020-12-21 01:02:05 +00:00 · 1c0eeb4bb0
parent 2f0fc14825
commit 1c0eeb4bb0
2 changed files with 27 additions and 23 deletions
--- a/app/Http/Controllers/TeamController.php
+++ b/app/Http/Controllers/TeamController.php
@ -40,11 +40,11 @@ class TeamController extends Controller
    /**
     * Display a listing of the resource.
     *
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Illuminate\Http\Response
     */
    public function index()
    {
-        $this->authorize('index');
+        $this->authorize('index', Team::class);
        $teams = Team::with('users.roles')->get();
@ -55,12 +55,13 @@ class TeamController extends Controller
    /**
     * Store a newly created resource in storage.
     *
-     * @param  \Illuminate\Http\Request  $request
+     * @param NewTeamRequest $request
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function store(NewTeamRequest $request)
    {
-        $this->authorize('create');
+        $this->authorize('create', Team::class);
        $team = Team::create([
            'name' => $request->teamName,
@ -77,27 +78,30 @@ class TeamController extends Controller
    /**
     * Show the form for editing the specified resource.
     *
-     * @param  int  $id
+     * @param Team $team
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Illuminate\Http\Response
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function edit(Team $team)
    {
        $this->authorize('update', $team);
        return view('dashboard.teams.edit-team')
-              ->with('team', $team)
+            ->with([
-              ->with('users', User::all())
+               'team' => $team,
-              ->with('vacancies', Vacancy::with('teams')->get()->all());
+               'users' => User::all(),
               'vacancies' =>  Vacancy::with('teams')->get()->all()
            ]);
    }
    /**
     * Update the specified resource in storage.
     *
-     * @param  \Illuminate\Http\Request  $request
+     * @param EditTeamRequest $request
-     * @param  int  $id
+     * @param Team $team
     * @return \Illuminate\Http\Response
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function update(EditTeamRequest $request, Team $team)
+    public function update(EditTeamRequest $request, Team $team): \Illuminate\Http\Response
    {
        $this->authorize('update', $team);
@ -120,10 +124,10 @@ class TeamController extends Controller
     */
    public function destroy($id)
    {
-        //
+        // wip
    }
-    public function invite(SendInviteRequest $request, Team $team)
+    public function invite(SendInviteRequest $request, Team $team): \Illuminate\Http\RedirectResponse
    {
        $this->authorize('invite', $team);
@ -146,7 +150,7 @@ class TeamController extends Controller
        return redirect()->back();
    }
-    public function processInviteAction(Request $request, $action, $token)
+    public function processInviteAction(Request $request, $action, $token): \Illuminate\Http\RedirectResponse
    {
        switch ($action) {
            case 'accept':
@ -184,7 +188,7 @@ class TeamController extends Controller
        return redirect()->to(route('teams.index'));
    }
-    public function switchTeam(Request $request, Team $team)
+    public function switchTeam(Request $request, Team $team): \Illuminate\Http\RedirectResponse
    {
        $this->authorize('switchTeam', $team);
@ -200,7 +204,7 @@ class TeamController extends Controller
    }
    // Since it's a separate form, we shouldn't use the same update method
-    public function assignVacancies(Request $request, Team $team)
+    public function assignVacancies(Request $request, Team $team): \Illuminate\Http\RedirectResponse
    {
        $this->authorize('update', $team);
--- a/app/Http/Controllers/TeamFileController.php
+++ b/app/Http/Controllers/TeamFileController.php
@ -32,7 +32,7 @@ class TeamFileController extends Controller
     */
    public function index(Request $request)
    {
-        $this->authorize('index');
+        $this->authorize('index', TeamFile::class);
        if (is_null(Auth::user()->currentTeam))
        {
@ -53,7 +53,7 @@ class TeamFileController extends Controller
     */
    public function store(UploadFileRequest $request)
    {
-        $this->authorize('store');
+        $this->authorize('store', TeamFile::class);
        $upload = $request->file('file');
@ -87,7 +87,7 @@ class TeamFileController extends Controller
    public function download(Request $request, TeamFile $teamFile)
    {
-        $this->authorize('download');
+        $this->authorize('download', TeamFile::class);
        try
        {
@ -133,7 +133,7 @@ class TeamFileController extends Controller
     */
    public function destroy(Request $request, TeamFile $teamFile)
    {
-        $this->authorize('delete');
+        $this->authorize('delete', $teamFile);
        try
        {