-
Notifications
You must be signed in to change notification settings - Fork 11.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[8.x] Adds Response authorization to Form Requests #38489
[8.x] Adds Response authorization to Form Requests #38489
Conversation
Isn't overridden the |
Yes, but then you're bound for one generic authorization message, which may not reflect why the authorization failed. public function authorize()
{
return $this->user()->isAdmin() || $this->user()->posts()->count() < 30;
}
public function failedAuthorization()
{
return 'Well... you are not an admin, or you are over your post count'.
} |
Got it. Thanks for the heads up |
It would be less of a breaking if you do not change the behavior at all for non Response results. |
Yeah, was kind of a stretch for strings. I'll fix it once I get into my oven. |
* Adds Response authorization to Form Requests. * Style changes * Removes string check to denying responses. * Fixes tests by removing string check. * Removed string authorization to denying response.
What?
Allows to use
Response
objects in theauthorize()
method of the Form Requests.Why?
Because otherwise you have to fallback to using the Gate or Policy manually, or authorize via Controller, which makes FormRequest authorization a moot point.
How?
When the
passesAuthorization()
method of the FormRequest is called, it will do two additional checks if the response from theauthorize()
method is not falsy: if it's a Response instance, callauthorize()
.BC?
None, as the
authorize()
is meant to return a bool anyway as the PHPDoc states.