creativetimofficial/ct-argon-dashboard-pro-laravel

Extend Edit and Delete feature to a new custom feature (Customers)

Closed this issue · 8 comments

Prerequisites

Please answer the following questions for yourself before submitting an issue.

  • [yes] I am running the latest version
  • [yes] I checked the documentation and found no answer
  • [yes] I checked to make sure that this issue has not already been filed
  • [yes] I'm reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

Extend the List, Create, Edit and Delete feature into a new Controller called Customers.

Current Behavior

I created a new Controller for customers, obviously a model, policy, requests, adding the routes and everything needed to use the existing role/user/permission feature.

The view index that shows the List of customers works fine, the create view works fine too, but the edit view throws a 403 error: 403 THIS ACTION IS UNAUTHORIZED.

I'd checked that update and edit methods are properly configured, but I can't figure out how to extend this feature (edit) to my customers feature.

Hello @japc-74,

Thanks for using Creative Tim products.
We're back at the office starting Monday 3rd of Jan and we'll be able to help you then.

All the best

Hi @japc-74,

Thank you for reporting this and for using our products.

Would you be able to share with us the archive of the files created by you or a video/screenshot with the policy files, please? We think this will help a lot in investigating further.

Best,
UPDIVISION Team

Hello guys, thanks for your reply, these are the files created, besides the view.

ClientesPolicy

```php
<?php

namespace App\Policies;

use App\User;
use App\Models\Clientes;
use Illuminate\Auth\Access\HandlesAuthorization;

class ClientePolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can see the roles.
     *
     * @param  \App\User  $user
     * @return boolean
     */
    public function viewAny(User $user)
    {
        return $user->isAdmin();
    }

    /**
     * Determine whether the user can create roles.
     *
     * @param  \App\User  $user
     * @return boolean
     */
    public function create(User $user)
    {
        return $user->isAdmin();
    }

    /**
     * Determine whether the user can update the role.
     *
     * @param  \App\User  $user
     * @param  \App\Role  $role
     * @return boolean
     */
    public function update(User $user, Clientes $cliente)
    {
        if (env('IS_DEMO')) {
            return $user->isAdmin() && !in_array($cliente->id, [1, 2, 3]);
        }
        return $user->isAdmin();
    }
}
```

CreateClientesRequest

```php
<?php

namespace App\Http\Requests;

use App\Models\Clientes;
use Illuminate\Validation\Rule;
use Illuminate\Foundation\Http\FormRequest;

class CreateClientesRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return auth()->check();
        //return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return Clientes::$rules;
    }
}
```

ClientesRepository

```php
<?php

namespace App\Repositories;

use App\Models\Clientes;
use App\Repositories\BaseRepository;

/**
 * Class ClientesRepository
 * @package App\Repositories
 * @version December 13, 2021, 1:24 pm UTC
 */
class ClientesRepository extends BaseRepository
{
    /**
     * @var array
     */
    protected $fieldSearchable = [
        'clte_nom',
        'clte_cob',
        'clte_imp',
        'clte_vigente'
    ];

    /**
     * Return searchable fields
     *
     * @return array
     */
    public function getFieldsSearchable()
    {
        return $this->fieldSearchable;
    }

    /**
     * Configure the Model
     **/
    public function model()
    {
        return Clientes::class;
    }
}
```

Hi @japc-74,

Thank you for the details provided.

What you already have should be fine, but you can also check:

  1. In your controller, you should have this function that will authorize resources:

     ```php
     public function __construct()
     {
         $this->authorizeResource(Tag::class);
     }
     ```

  2. Check your UserPolicy.php: there will be two functions, manageUsers and manageItems. If you use this, maybe you can take a look here to be sure that it will satisfy your requirements.

  3. Also, could you give us some information about your controllers and which of your functions display the edit/update pages, please?

Please let us know.

Thank you,
UPDIVISION Team

Hello

In my controller I have this:

```php
public function __construct(ClientesRepository $clientesRepo)
{
    $this->authorizeResource(Clientes::class);
    $this->clientesRepository = $clientesRepo;
}

public function index(Clientes $model)
{
    $this->authorize('manage-users', User::class);

    return view('clientes.index', ['clientes' => $model->all()]);
}

public function store(CreateClientesRequest $request, Clientes $model)
{
    $model->create($request->all());

    return redirect()->route('clientes.index')->withStatus(__('Cliente creado exitosamente.'));
}

public function edit(Clientes $cliente)
{
    return view('clientes.edit', compact('cliente'));
}

public function update(UpdateClientesRequest $request, Clientes $cliente)
{
    $cliente->update($request->all());

    return redirect()->route('clientes.index')->withStatus(__('Cliente actualizado exitosamente.'));
}
```

In my Policy I have this:

```php
namespace App\Policies;

use App\User;
use App\Models\Clientes;
use Illuminate\Auth\Access\HandlesAuthorization;

class ClientePolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can see the roles.
     *
     * @param  \App\User  $user
     * @return boolean
     */
    public function viewAny(User $user)
    {
        return $user->isAdmin();
    }

    /**
     * Determine whether the user can create roles.
     *
     * @param  \App\User  $user
     * @return boolean
     */
    public function create(User $user)
    {
        return $user->isAdmin();
    }

    /**
     * Determine whether the user can update the role.
     *
     * @param  \App\User  $user
     * @param  \App\Role  $role
     * @return boolean
     */
    public function update(User $user, Clientes $cliente)
    {
        if (env('IS_DEMO')) {
            return $user->isAdmin() && !in_array($cliente->id, [1, 2, 3]);
        }
        return $user->isAdmin();
    }
}
```
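An added example, not part of the thread or the project's code: a plain-PHP model of how Laravel's `authorizeResource()` maps resource actions to policy abilities and route parameters, run against the controller and policy posted above. It assumes the route parameter is `{cliente}` (the routes file is not shown); `auditResource()` and `defaultParameter()` are hypothetical helper names.

```php
<?php
// Added example: simplified model of Laravel's authorizeResource(); not framework code.
// Assumption: the route parameter is {cliente}, matching the $cliente type-hints
// in the posted controller (the thread does not show the routes file).

const ABILITY_MAP = [
    'index' => 'viewAny', 'show' => 'view', 'create' => 'create', 'store' => 'create',
    'edit' => 'update', 'update' => 'update', 'destroy' => 'delete',
];
const ACTIONS_WITHOUT_MODEL = ['index', 'create', 'store'];

// Default parameter name: snake_case of the model's class basename.
function defaultParameter(string $modelClass): string
{
    $base = substr(strrchr('\\' . $modelClass, '\\'), 1);
    return strtolower(preg_replace('/(?<!^)[A-Z]/', '_$0', $base));
}

// Returns [action => reason] for every resource action that would be denied.
function auditResource(string $modelClass, array $routeParams, array $policyMethods, ?string $parameter = null): array
{
    $parameter = $parameter ?? defaultParameter($modelClass);
    $denied = [];
    foreach (ABILITY_MAP as $action => $ability) {
        $needsModel = !in_array($action, ACTIONS_WITHOUT_MODEL, true);
        if (!in_array($ability, $policyMethods, true)) {
            $denied[$action] = "policy defines no {$ability}() method";
        } elseif ($needsModel && !in_array($parameter, $routeParams, true)) {
            $denied[$action] = sprintf('can:%s,%s finds no {%s} route parameter, so no model reaches the policy',
                $ability, $parameter, $parameter);
        }
    }
    return $denied;
}

$routeParams = ['cliente'];                       // assumed route: clientes/{cliente}/edit
$posted      = ['viewAny', 'create', 'update'];   // methods in the posted ClientePolicy

// As posted: authorizeResource(Clientes::class) with the default parameter name.
print_r(auditResource('App\Models\Clientes', $routeParams, $posted));

// Explicit parameter name, plus view() and delete() added to the policy.
$full = ['viewAny', 'view', 'create', 'update', 'delete'];
print_r(auditResource('App\Models\Clientes', $routeParams, $full, 'cliente'));
```

The second call corresponds to passing the parameter name as the second argument, `$this->authorizeResource(Clientes::class, 'cliente')`. The policy must also be resolvable for the model: Laravel's policy auto-discovery looks for a `ClientesPolicy` class for a `Clientes` model, so a class named `ClientePolicy` needs an explicit entry in the `$policies` array of `AuthServiceProvider`.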

Hi @japc-74,

Thank you for sharing these details. We're not sure if we understood correctly, but we believe the logic example from Tag Management may be helpful to be checked in this case. You may check the flow for Policy, Controller, Model, Request. Please let us know if this helped.

Best,
UPDIVISION Team

Hello, I appreciate your response, but unfortunately it doesn't work.
I have Policy, Controller, Model, Request and Route configured exactly as Tag, or User and I'm still getting 403 forbidden for edit and view.

Could you please share additional information on extending the functionality to other controllers, views and models?

This is the guard info for tags, and it obviously works
[Screenshot: Captura de Pantalla 2022-02-11 a la(s) 01 21 09]

This is the info for clientes, and it comes empty
[Screenshot: Captura de Pantalla 2022-02-11 a la(s) 01 21 46]

Hi @japc-74,

Thank you for the additional details. We would probably need to analyze this in detail as it is a new custom feature. Unfortunately, at the moment we are not able to figure out a quick solution to give you an idea.

If you need help with any of your projects, we're happy to get in touch. We do custom development for start-ups and companies across the globe (you can check out our portfolio here https://updivision.com/portfolio and some happy clients over here https://updivision.com/testimonials). Don't hesitate to drop us a line at office@updivision.com or by using our contact form (https://updivision.com/contact).

All the best,
UPDIVISION Team