Not working laravel Policy for my UsersUpdate

Question

I have

(1/1) HttpException
This action is unauthorized.

I think all should work fine and I have done it right but maybe not.

My controller method:

public function update(Request $request, Users $uzytkownik)
{
    $this->authorize('update', $uzytkownik);
    return 1;
}

UsersPolicy that is in App\Policies\:

<?php

namespace App\Policies;

use App\Models\Users;
use Illuminate\Auth\Access\HandlesAuthorization;

class UsersPolicy
{
    use HandlesAuthorization;

    public function update(Users $user)
    {
        return true;
//        return $user->login === auth()->login;
    }

}

And in AuthServiceProvider:

protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
        'App\Models\Users' => 'App\Policies\UsersPolicy',
    ];

My Users model lays in App\Models\

When I cut $this->authorize('update', $uzytkownik); this line from controller everything works fine and I see '1', when I add it again HttpException.

What do I have wrong here? Thinking and Thinking, looking, I don't see anything bad here.

Answer 1

In your Policy, you have to add two parameters: The first one is the user logged in, and the second is the actual parameter. Try this in the Policy:

 public function update(Users $userLoggedIn, $user)
 {
     return true;
 }

Answer 2

please make sure that your route is under auth middlware like this :

Route::group(['middleware' => 'auth'], function () {
   // ur update route here
});

or in ur controller constructor like this :

public function __construct()
{
    $this->middleware('auth');
}

and also like @Laerte said your update policy method should have another parameter of type user which is the user you want to edit, like this :

 public function update(Users $userLoggedIn, Users $uzytkownik)
 {
     return true;
 }