Framework: authorizeResource does not work for models with compound names

Created on 20 Mar 2017  路  3Comments  路  Source: laravel/framework
  • Laravel Version: 5.4.15
  • PHP Version: PHP 7.0.15-0ubuntu0.16.04.4
  • Database Driver & Version: mysql Ver 14.14 Distrib 5.7.17, for Linux (x86_64) using EditLine wrapper

Description:

authorizeResource does not seem to work for models with more than 1 part to its name.

Steps To Reproduce:

here's a quick demo app in which you can see authorizeResource works fine for the Post model, but not for the CompoundName model.

This show method will always return unauthorized:

class CompoundNameController extends Controller
{
    public function __construct()
    {
        $this->authorizeResource(CompoundName::class);
    }

    // ...

    public function show(CompoundName $compoundName)
    {
        return $compoundName;
    }
}

However, explicit authorization works fine as expected:

class CompoundNameController extends Controller
{
    public function __construct()
    {
        //
    }

    // ...

    public function show(CompoundName $compoundName)
    {
        $this->authorize('view', $compoundName);
        return $compoundName;
    }
}
picture jpuck

Most helpful comment

Just submitted a PR that should fix the issue. Looks like the "authorizesResource" method was calling "strtolower" on the base_class of the model. Calling "lcfirst" should fix it.
Also, as the second parameter, you could pass the camelcased string and it would work without the pull request. eg.

    public function __construct()
    {
        $this->authorizeResource(CompoundName::class, 'compoundName');
    }
picture devcircus on 20 Mar 2017
4 👎1 👍1

All 3 comments

Just submitted a PR that should fix the issue. Looks like the "authorizesResource" method was calling "strtolower" on the base_class of the model. Calling "lcfirst" should fix it.
Also, as the second parameter, you could pass the camelcased string and it would work without the pull request. eg.

    public function __construct()
    {
        $this->authorizeResource(CompoundName::class, 'compoundName');
    }
devcircus picture devcircus on 20 Mar 2017
4 👎1 👍1

Your tip of passing the variable's compound name as the second argument saved the day!

dschreij picture dschreij on 10 May 2017
👍1

https://github.com/laravel/framework/issues/16184

pedrofurtado picture pedrofurtado on 2 Oct 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

JamborJan picture JamborJan  路  3Comments
gabriellimo picture gabriellimo  路  3Comments
YannPl picture YannPl  路  3Comments
kerbylav picture kerbylav  路  3Comments
shopblocks picture shopblocks  路  3Comments