orchidsoftware / platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards.
https://orchid.software
MIT License

Policy in screen #2691

Open DarKsandr opened 11 months ago

DarKsandr commented 11 months ago

I wanted to use policy, but I always get 403 THIS ACTION IS UNAUTHORIZED.

Route::screen('/chat/{chat}', ChatScreen::class)
    ->can('view', 'chat')
    ->name('platform.chat');

class ChatPolicy
{
    public function view(User $user, Chat $chat): bool
    {
        return true;
    }
}

But if you use policies in the screen itself, then everything works.

class ChatScreen extends Screen
{
    public function query(Chat $chat): iterable
    {
        if($chat->exists){
            $this->authorize('view', $chat);
        }
        ...
    }
...

tabuna commented 10 months ago

To help you, please submit an issue using a template that includes the version you are using.

DarKsandr commented 10 months ago

tabuna commented 10 months ago

I would like to confirm that the usage of the can method always results in a 403 error. This is due to Screen determining which method to call later than the can middleware operates.

I have discovered a hacky way to make it work in this branch: compare/auth_middleware_policy, but I am not satisfied with this solution. I am open to any suggestions or alternatives you may have.
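
A framework-free PHP sketch of the ordering problem described in the thread above, added here as an illustration; it is not code from the issue, from Orchid, or from Laravel. `MiniGate`, the `User` and `Chat` stand-ins, and the sample `{chat}` value are hypothetical, and the sketch assumes the route-level check sees `{chat}` before it has been turned into a `Chat` model.

```php
<?php
declare(strict_types=1);

// Constructed stand-ins; none of these classes are Laravel's or Orchid's own.
final class User { public function __construct(public int $id) {} }
final class Chat { public function __construct(public int $id) {} }

final class ChatPolicy
{
    public function view(User $user, Chat $chat): bool
    {
        return true; // same body as the policy posted in the issue
    }
}

// Hypothetical minimal gate: selects a policy by the class of the argument
// and denies whenever no policy can be selected (deny by default).
final class MiniGate
{
    /** @param array<string, object> $policies map of model class => policy */
    public function __construct(private array $policies) {}

    public function allows(User $user, string $ability, mixed $argument): bool
    {
        if (!is_object($argument)) {
            return false; // a raw route value such as "5" maps to no policy
        }
        $policy = $this->policies[$argument::class] ?? null;

        return $policy !== null
            && method_exists($policy, $ability)
            && $policy->{$ability}($user, $argument);
    }
}

$gate = new MiniGate([Chat::class => new ChatPolicy()]);
$user = new User(1);
$routeParameters = ['chat' => '5']; // constructed: {chat} as it appears in the URL

// Route-level check (assumption): runs while {chat} is still the raw string.
$middlewareAllowed = $gate->allows($user, 'view', $routeParameters['chat']);

// Screen-level check: runs after the Chat model has been resolved,
// as with $this->authorize('view', $chat) inside query().
$chat = new Chat((int) $routeParameters['chat']);
$screenAllowed = $gate->allows($user, 'view', $chat);

var_dump($middlewareAllowed, $screenAllowed);
```

Under these assumptions the policy method is never reached for the route-level check, so its `return true` cannot affect the result; the denial comes from the gate failing closed.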