This action is unauthorized. Middleware with multiple roles listed

[perffy]

Hi guys,

I have just installed this nice package and now i am trying to get used with it, but I got stacked in one situation.

I have three roles: administrator, executive and user. Some of my routes are only accessible for administrator, so I protect them like this:

Route::group([ 'middleware' => ['role:administrator']], function () {
    // routes
});

This works fine if I try to access the routes logged in as administrator and it gives me the view, if I try to access this routes as executive, it gives me an Spatie/Permission/UnauthorizedException, which is correct.

But if I get access to that routes to both roles: administrator and executive like this:

Route::group([ 'middleware' => ['role:administrator|executive']], function () {
    // routes
});

When I am logged in as executive I get: Symfony \ Component \ HttpKernel \ Exception \ AccessDeniedHttpException This action is unauthorized.

The question is, what I am doing wrong ?

[drbyte]

I'm guessing you have something else firing before it, either a different route group defined for that same route action or a different middleware interrupting.

[drbyte]

Did you get this sorted?

[perffy]

Unfortunately i havent tried anymore. Now i have installed the https://github.com/rappasoft/laravel-5-boilerplate, in which is included the Spatie/Permission package and there i have tried the same thing and i get the same error.

[drbyte]

Are you getting these errors via FeatureTests? Or by using the browser?

[perffy]

By using the browser

[gamevnlc]

Same issue like this. Do you have any idea how to fix it ?

[gamevnlc]

nvm I found the problem. There is some config in request file. it cause the problem @perffy check laravel5-boilerplate has authorized in request, So you have to modify in request file

[SBeausoleil]

I have the same problem. @gamevnlc Did you fix this by installing the laravel5-boilerplate or did you fix it without that plugin?

Also in my case, I keep having this problem even with the route outside of any middleware groups and with no directly attached middleware.

[gamevnlc]

@SBeausoleil I fixed it without plugin. My issue is that I don't specific the role in the authorize method in my custom request. This issue happen in Laravel5-bolierplate

[drbyte]

I'm pretty certain your AccessDeniedHttpException is coming from something outside the operation of this package.

[nimeshc64]

Unfortunately i havent tried anymore. Now i have installed the https://github.com/rappasoft/laravel-5-boilerplate, in which is included the Spatie/Permission package and there i have tried the same thing and i get the same error.

after you give middlware permisson you need change ManageUserRequest -> authorize() return $this->user()->isAdmin(); to return $this->user()->can('YOURE_PERMISSION');