Open invaders-xx opened 1 year ago
Hi! This is covered in the docs already here - https://laraveljsonapi.io/docs/3.0/digging-deeper/proxies.html#authorization
I.e. you need to tell Laravel what policy to use for the Proxy. It's described in that section in the docs. The tip under the code block is also worth reading.
I'm going to close this as I don't believe there is an issue. But if you're following that section of the docs and you think there's a bug, then reopen with more details as to why you think this is a bug.
@lindyhopchris I did associate this Proxy model with the right policy in AuthServiceProvider that's why I mentioned that the delete function within this policy returns that message
Can you share the authorizer code (for both authorisers - the proxy and the model), plus what you've put in the AuthServiceProvider
?
Worth mentioning I do have this in a production app, and it's definitely working. So I suspect it's something to do with your setup (until proved otherwise!)
My proxy is :
namespace App\JsonApi\Proxies;
use LaravelJsonApi\Eloquent\Proxy;
use Modules\Core\Entities\Company;
class Customer extends Proxy
{
public function __construct(Company $customer = null)
{
parent::__construct($customer ?: new Company());
}
}
in AuthServiceProvider :
protected $policies = [
Role::class => RolePolicy::class,
User::class => UserPolicy::class,
\App\JsonApi\Proxies\Supplier::class => CompanyPolicy::class,
\App\JsonApi\Proxies\Customer::class => CompanyPolicy::class,
];
The issue won't be in the proxy.
What's your CompanyPolicy
code?
public function delete(User $user, Model $item): bool
{
return $user->can('delete-company');
}
What about the import statements? Can I see the whole class?
What do you mean by import statements ?
Hum, in the destroy function of the customer controller, should I call $customer->toBase()->delete(); instead of $customer->delete(); That's maybe the issue ?
Ah sorry, so seems the scope of this has changed. I was asking about import statements (use
statements) because in your original message you were saying there was a problem with the class of the object passed to the policy.
It seems you now have a problem in the controller?
delete()
should forward from the proxy to the model. What error are you getting now?
I followed the doc by creating a proxy, link this proxy to the policy and I have an issue with my policy's delete function parameter type : Argument #2 ($item) must be of type Illuminate\Database\Eloquent\Model, App\JsonApi\Proxies\Model given.
My delete policy declaration is as followed :
My proxy declaration is as followed:
and OtherModel extends Illuminate\Database\Eloquent\Model
Any thoughts ?