I'm currently migrating a project from CodeIgniter to Laravel5.
I saw in Laracasts that you can use the Request::authorize()
method to authorize access before the controller is called, and it returns true or false.
This would (I think) be the ideal solution as I can contain permission checks within the request, rather than pollute the controller with permission checks and redirections / responses.
The only problem is, when I return false
from authorize()
, it simply loads an empty white page with forbidden
written, and I can't find any documentation on laravel.com on how to template it (either there is no documentation, or I'm overlooking it)
I know I can edit the 404 page in errors/404.blade.php
, but I can't work out how to customize the 403 page, which I've tried to add a custom 403.blade.php
page, which doesn't get displayed. ( https://mattstauffer.co/blog/laravel-5.0-custom-error-pages )
Is placing these permission checks in the Request a good idea? Or am I missing something?
Update I ran a backtrace from authorize()
, and it looks like it throws an UnauthorizedException
, which extends RuntimeException
. I've tried catching both in the routes.php
file, which doesn't work either.
I've also tried to create middleware, and call the middleware from a method, which doesn't work either, since the middleware's not even called at all.
Update 2 Ok, so I found out that I can only call $this->middleware()
from the constructor, not individual methods, which is progress, I guess.
What i do is add a forbiddenResponse()
method to Request abstract class. You can return a response object from that method to render a human readable error.
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\JsonResponse;
abstract class Request extends FormRequest {
public function forbiddenResponse()
{
return new JsonResponse('Unauthorized', 403);
// or return Response::make('Unauthorized', 403);
}
}
Check the app\\Exceptions\\Handler.php
file. That's where you can customize your exception handling.
The 403 error launches a HttpException
. By default, Laravel will look under your resources\\views\\errors\\
directory and try to find a view that corresponds to the same status code. Since you already said that you've created a file called 403.blade.php
inside that folder, it should render this page for 403 errors.
One last thing, remember to check inside your web server config file ( httpd.conf
for Apache, sites-available\\your-host
for Nginx), if you have a default behavior for any error. If you're using Homestead, you can check the Nginx config file for anything like error_page 404 /index.php;
, comment the line and restart the service. That's not the ideal scenario but usually works.
Override the method within your form request object
class CreateUserRequest extends FormRequest {
public function forbiddenResponse(){
return abort(403);
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.