Pankaj

Reputation: 10095

Can authorize method in Request class return customized message for HandlesAuthorization trait?

I have the following code in the Request class to check if the user is authorized to perform an update.

The HandlesAuthorization trait gives a default message by default. Is there any way to return a customized message? I saw that the authorize method in the Request class can return a boolean value only.

class UpdateRoleRequest extends Request
{
    private $UserPermissionsSession;

    public function __construct(IRole $Role) {
        $this->UserPermissionsSession = new UserPermissionsSession();
    }

    public function authorize() {
        $UserID = \Auth::user()->UserID;
        return $this->UserPermissionsSession->CheckPermissionExists($UserID);
    }

}

Upvotes: 11

Views: 3365

Answers (2)

Fanmade

Reputation: 306

To provide a solution answering @Pooria Honarmand's question for anyone else wondering the same:
If you have more specific messages for different conditions that you already checked in the authorize method and you don't want to repeat those checks here, just introduce one or more class-based variables.

Here is one example having only one condition which does result in a non-standard message:

// Requires at the top of the file: use Illuminate\Auth\Access\AuthorizationException;
private bool $hasMissingClientId = false;

public function authorize(): bool
{
    // several other checks
    $user = $this->user(); // authenticated user resolved from the request

    if (empty($user->client_id)) {
        $this->hasMissingClientId = true;
        return false;
    }
    return true;
}

protected function failedAuthorization()
{
    if ($this->hasMissingClientId) {
        throw new AuthorizationException('User has to be assigned to specific client.');
    }
    parent::failedAuthorization();
}

Upvotes: 1

Marcin Nabiałek

Reputation: 111829

I believe you shouldn't look at the HandlesAuthorization trait. All you need to do is implement the failedAuthorization method in your request class.

In the FormRequest class it's defined like this:

/**
 * Handle a failed authorization attempt.
 *
 * @return void
 *
 * @throws \Illuminate\Auth\Access\AuthorizationException
 */
protected function failedAuthorization()
{
    throw new AuthorizationException('This action is unauthorized.');
}

So all you need is to override this method in your UpdateRoleRequest class, for example like this:

protected function failedAuthorization()
{
    throw new \Illuminate\Auth\Access\AuthorizationException('User has to be an admin.');
}

Upvotes: 14
