Errors "This action is unauthorized." using Form Request validations in Laravel

Question

I make some gate like this:

Gate::define('update-post', function  ($user, Post $post) {
    return $user->hasAccess(['update-post']) or $user->id == $post->user_id;
});

I checked my database and it has update-post access and the user id is same as in the post. but I got:

This action is unauthorized.

errors. so am I do some mistake here? thanks.

Answer 1

sometimes we forgot to change the boolean value , change it and you will be alright

Answer 2

For Laravel 8(also applicable to Laravel 9) go to folder app->http->requests choose the class file(in my case it was StoreStudentRequest.php) and in function authorize set return value to true;

public function authorize()
{
    return true;
}

Answer 3

add this line in your controller

**use Illuminate\Http\Request;**

instead of

use App\Http\Requests\StoreGameRequest;

and change the parameter in function as

public function store(**Request $request**)
    {
        $request->validate([
      

Answer 4

I had a similar problem some time ago when starting to use Form Request classes for data validation. I noticed the following:

If you are using Form Requests to validate data, then first of all, check that you set properly the authorization rule that will allow it to pass. This is handled by the authorize() method that must return a boolean, that by default is set to false:

namespace App\Http\Requests\Users;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Auth;

class UpdateUserRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()   
    {
        /** 
         * By default it returns false, change it to 
         * something like this if u are checking authentication
         */
        return Auth::check(); // <-------

        /** 
         * You could also use something more granular, like
         * a policy rule or an admin validation like this:
         * return auth()->user()->isAdmin();
         * 
         * Or just return true if you handle the authorisation
         * anywhere else:
         * return true;
         */ 
    }

    public function rules()
    {
        // your validations...
    }

}

Answer 5

If you have already configured your authorize() and you still have the same problem, you may check your route/api.php You may have a error declaring the same path for 2 Controller.

Route::resource('users', UserController::class)/*authorized true*/;
Route::resource('users', User2Controller::class)/*unauthorized true*/;

Answer 6

Need to authorize function return true

public function authorize()
{
    return TRUE;
}

and then add auth facade or use Auth;

Answer 7

This problem occurred to me when I did not return true in php artisan make:request SellRequest in functionpublic function authorize()

<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class SellRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
        public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'city'=>'required',
            'address'=>'required',
            'type'=>'required',
            'land'=>'required',
            'area'=>'required'
        ];
    }
}

Answer 8

In my case, I was not doing the right check in Gate::define(...)

So maybe double check your logic in that function

Answer 9

Make sure you return true on "authorize" method

public function authorize()
{
    return true;
}

Answer 10

<?php 
namespace App\Modules\UserManagement\Request;

use Illuminate\Foundation\Http\FormRequest;
use Response;

class UserRequest extends FormRequest
{
     /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }


    public function rules()
    {

        $rules = [
            'full_name' => 'required',
            'email' => 'required|email',
            'password' => 'required',
            're_enter_password' => 'required'
        ];

        return $rules;
    }
}