laravel api gate check

Question

im using laravel 7 and im using gates and policies i have api controller called Journal_entries_controller and i have index function

public function index()
{
    $journal_entries = Journal_entry::with('get_journal_entry_lines')->get();
    return response()->json($journal_entries,200);
}

like this everything working so good.. to check gate i did this..

public function index()
{
    $auth = auth('api')->user();
    if(!Gate::allows('journal_entries.view',$auth))
        return 'not auth';
    $journal_entries = Journal_entry::with('get_journal_entry_lines')->get();
    return response()->json($journal_entries,200);
}

like that i get not auth the code stop there and if i dd($auth) i gat the logged user like this..

public function index()
{
    $auth = auth('api')->user();
    dd($auth);
}

any help here thanks..

Answer 1

In the if statement:

if(!Gate::allows('journal_entries.view',$auth))
    return 'not auth';

The Gate::allows is returning false by adding the ! we make the response true which is why the not auth code is returning.

The first thing to do is make sure the journal_entries.view is a gate in the App\Providers\AuthServiceProvider .

If it is a valid gate please post the contents of the gate so we know the intended functionality.

In the mean time you may want to try changing if(:Gate:.allows('journal_entries,view',$auth)) to if(Gate::denies('journal_entries.view',$auth)) or if(Gate::allows('journal_entries.view',$auth))

The docs for gates can be found here https://laravel.com/docs/7.x/authorization#authorizing-actions-via-gates