search

chris-ware / nova-breadcrumbs

Breadcrumbs for Laravel Nova
152 stars 44 forks source link

403 when view policy is disabled. #99

Closed nchornii closed 4 years ago

nchornii commented 4 years ago

Describe the bug When disabled view via policy and tried to edit resources getting 403 exception.

To Reproduce Steps to reproduce the behavior:

  1. Disable the ability to view via policy. 

    class ArtikelPolicy
{
public function viewAny(User $user)
{
    return $user->hasRole(['Key Account Sales', 'Test Admin']) || $user->isAdmin();
}

public function view(User $user, Artikel $artikel)
{
    return false;
}
}
  2. Try to edit the resource.

Expected behavior Opens to edit page

Screenshots image

Desktop (please complete the following information):

Additional context Found in ./vendor/chris-ware/nova-breadcrumbs/resources/js/mixins/FetchResource.vue this code:

 getResource() {
                this.resource = null

                return Minimum(
                    Nova.request().get('/nova-api/' + this.resourceName + '/' + this.resourceId)
                )
                    .then(({data: {panels, resource}}) => {
                        this.resource = resource
                        this.loading = false
                    })

Nova.request().get('/nova-api/' + this.resourceName + '/' + this.resourceId) couses error.

chris-ware commented 4 years ago

Have you tested that the same behaviour happens when Breadcrumbs is disabled? We don't do anything with policies, so I'm hessitant to suggest this is an issue with Breadcrumbs.

nchornii commented 4 years ago

@chris-ware thanks for the reply. Yes without Breadcrumbs everything is working fine.
It's failing on this request:

Nova.request().get('/nova-api/' + this.resourceName + '/' + this.resourceId)
chris-ware commented 4 years ago

Can you ltet me know the version of Laravel, Nova and Breadcrumbs you are using?

nchornii commented 4 years ago

@chris-ware chris-ware/nova-breadcrumbs: v1.3.6 laravel/framework: 7.13.0 laravel/nova: 3.6.0

chris-ware commented 4 years ago

@nchornii Thanks. This does make sense, as the way that I have to retrieve data is via the Mixin.

I'll see if I can do anything about this, but it may not be possible in this version. It may have to wait until I finally get around to building version 2. I would ask however, why someone can't view an item but can edit it?

nchornii commented 4 years ago

@chris-ware I get it - thanks. This is some project restrictions, I can't change it :(

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 4 years ago

This issue has been automatically closed because it has not had recent activity.

chris-ware commented 4 years ago

@nchornii I know the Bot auto-closed this, but with the release of Version 2, I'm hoping this solves your issues you were having as there is no reliance on Policy based API calls anymore.