Warm tip: This article is reproduced from stackoverflow.com, please click

How to allow nova resource action in Policy

发布于 2020-03-27 10:22:17

Nova 2.0 Laravel 5.8

I have one nova resource Document ( contains file url, related foreign key and title ) for which I have defined policy with create and update false and all others set to true, the PDF is generated from another resource, so I don't need to allow it to be created or edited, now everything is working fine, but with another action on this Document resource I am trying to download these files, giving me error "Sorry you are not authorized to take this action", so how to allow this action on Policy.

DocumentPolicy class

<?php

namespace App\Policies;

use App\User;
use App\Models\Document;
use Illuminate\Auth\Access\HandlesAuthorization;

class DocumentPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view any documents.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function viewAny(User $user)
    {
        return true;
    }

    /**
     * Determine whether the user can view the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function view(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can create documents.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        return false;
    }

    /**
     * Determine whether the user can update the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function update(User $user, Document $document)
    {
        return false;
    }

    /**
     * Determine whether the user can delete the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function delete(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can restore the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function restore(User $user, Document $document)
    {
        return true;
    }

    /**
     * Determine whether the user can permanently delete the document.
     *
     * @param  \App\User  $user
     * @param  \App\Document  $document
     * @return mixed
     */
    public function forceDelete(User $user, Document $document)
    {
        return true;
    }

    public function download(User $user, Document $document)
    {
        return true;
    }
}
Questioner
Prafulla Kumar Sahu
Viewed
69
Chin Leung 2019-07-08 22:04

The reason why you are getting the error is because your update method returns false in your policy.

By default, if the update is false, Nova will not allow the action. To test this, you can try to set it to true and test it again.

To fix this, you'd have to change the way you are registering the action to add a custom callback to handle if the user can run the action or not like this:

public function actions(Request $request)
{
    return [
        (new DownloadDocument)->canRun(function ($request, $document) {
            return $request->user()->can('download', $document);
        }),
    ];
}

With this, it will check for the download method in your document policy instead of the update method for the action.

For more information: https://nova.laravel.com/docs/2.0/actions/registering-actions.html#authorizing-actions-per-resource