Search code examples
laravelapimiddlewarelaravel-passportlaravel-permission

laravel handler always return false when i use spatie middleware

I'm trying to create permissions and roles for users in a Laravel API Project. I'm using Passport and Spatie's Permission package. Using that I added a middleware:

Route

Route::middleware('auth:api')->group(function () {
    /** Roles Route */
        Route::get('roles',[RoleController::class, 'index'])->middleware('permission:role-list');
}

Handler.php:

        public function render($request, Throwable $exception)
    {
        if ($exception instanceof UnauthorizedException) {
            return response()->json(['User does not have the right roles.'],403);
        }

    return parent::render($request, $exception);
    }

Controller:

        function __construct()
    {
        $this->middleware('permission:role-list', ['only' => ['index']]);
        $this->middleware('permission:role-create', ['only' => ['store']]);
        $this->middleware('permission:role-edit', ['only' => ['update']]);
        $this->middleware('permission:role-delete', ['only' => ['destroy']]);
    }
    public function index()
    {
        $roles = Role::all();
        return response(['role' => $roles], 200);

    }

I created an admin account and it was given all the existing permissions, but whenever I ask for the route, it shows me that error message:

User does not have the right roles.

I checked the database and the user had all the required permissions for that.

Solution

  • First of all add the package middlewares in the Kernel.php as described here.

    protected $routeMiddleware = [
    // ... other middleware
    'role' => \Spatie\Permission\Middlewares\RoleMiddleware::class,
    'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
    'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class,
];

    Depending on where you want to define the permissions to access a method either define them in the Controller or on the route. Adding them to both the route and Controller is only doing the same thing.

    Changing something in the Handler.php should not be required.

    Note that permissions can have different guards. For example it can be web or api.

    After changing roles or permissions it sometimes helps to reset the cache. Resetting the cache can be done with php artisan permission:cache-reset command.