I've created a policy to guard my model. What I'm trying to do is block anyone from editing a thought record that isn't there's.
web.php
Auth::routes();
Route::prefix('/')->middleware(['auth','can:viewAny,App\ThoughtRecord'])->group(function() {
Route::get('/record/{id}/edit', 'ThoughtRecordController@edit')->middleware('can:isOwner,App\ThoughtRecord');
Route::patch('/record/{thoughtRecord}','ThoughtRecordController@update')->middleware('can:isOwner,App\ThoughtRecord');
});
ThoughtRecordPolicy.php
public function isOwner(User $user, ThoughtRecord $thoughtRecord)
{
return $user->id == $thoughtRecord->user_id;
}
The ->middleware(['auth','can:viewAny,App\ThoughtRecord']) works perfectly fine. The middleware on the other routes doesn't though ->middleware('can:isOwner,App\ThoughtRecord') and produces this error:
Error
Symfony\Component\Debug\Exception\FatalThrowableError Too few arguments to function App\Policies\ThoughtRecordPolicy::isOwner(), 1 passed in /Applications/MAMP/htdocs/thought-records/vendor/laravel/framework/src/Illuminate/Auth/Access/Gate.php on line 706 and exactly 2 expected
Edit:
I changed the route to:
Route::get('/record/{thoughtRecord}/edit', 'ThoughtRecordController@edit')->middleware('can:isOwner,thoughtRecord');
Now I'm getting a 403 on a condition that I'm pretty positive is true.
