Laravel policies always return false

laravel policy
laravel user policy
laravel gates and policies tutorial
laravel policy before method
laravel policy not being called
laravel difference between gates and policies
laravel authorization tutorial
laravel access control

I have created policy, and add method view:

public function view(User $user, Contact $contact)
    return $user->id === $contact->manager;

Then I have registered it:

protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    Contact::class => ContactPolicy::class,

And then I have tried to use it with controller helper:

public function view($id)
    $contact = Contact::find($id);
    $user = Auth::user();

    $this->authorize('view', $contact);

    return view('contact.edit')->with('contact', $contact);

And middleware:

Route::get('/contact/edit/{id}', 'EditContactController@view')->middleware('can:view,contact');

But I always get 403 error. contact->manager and user->id are the same. Also, Contact table scheme:

CREATE TABLE `contacts` (
  `id` int(11) NOT NULL,
  `first_name` varchar(25) NOT NULL,
  `last_name` varchar(25) NOT NULL,
  `email` varchar(35) NOT NULL,
  `home_phone` int(10) DEFAULT NULL,
  `work_phone` int(10) DEFAULT NULL,
  `cell_phone` int(10) DEFAULT NULL,
  `best_phone` enum('home_phone','work_phone','cell_phone') NOT NULL,
  `address_1` varchar(100) DEFAULT NULL,
  `address_2` varchar(100) DEFAULT NULL,
  `city` varchar(35) DEFAULT NULL,
  `state` varchar(35) DEFAULT NULL,
  `zip` int(6) DEFAULT NULL,
  `country` varchar(35) DEFAULT NULL,
  `birth_date` date DEFAULT NULL,
  `manager` int(11) UNSIGNED NOT NULL

I`ve just replaced

protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    Contact::class => ContactPolicy::class,


protected $policies = [
    'App\Model' => 'App\Policies\ModelPolicy',
    'App\Contact' => 'App\Policies\ContactPolicy',

and now it works with $this->authorize('view', $contact);, but middleware still return 403

Policy Not working. Always return False, I am new to using Policies in Laravel. I am using Policy for the PostController so that only the user with the appropriate permission can edit and  Hey! For the first time I'm using Policies in Laravel (Version 5.2.45). Now my policies always return false. So everywhere I try to check the user rights, I got a 403.

Kindly check your route link to that method if it has your middleware if not you can set it like.

Route::get('/view', CONTROLLER@view)->middleware('YOUR-MIDDLEWARE');


Route::get('/view', UserController@view)->middleware('auth:user');

Policy always returns false in Laravel 5.2, Hey! For the first time I'm using Policies in Laravel (Version 5.2.45). Now my policies always return false. So everywhere I try to check the user  Laravel drewdan • 2 weeks ago Does policy always return 403 if the response is false? Posted 2 weeks ago by drewdan. I always get a 403 rather than the

I know this is an old question, but if anyone else runs across this, make sure you look at your controller to determine if the model is being declared in the function call

in the original poster's code, it should be


public function view(Contact $contact)

and the web.php

Route::get('/contact/edit/{contact}', 'EditContactController@view')->middleware('can:view,contact');

so that the dependency injection can work properly.

Laravel policies always return false, 4 Answers. Kindly check your route link to that method if it has your middleware if not you can set it like. Route::get('/contact/edit/{contact}', 'EditContactController@view')->middleware('can:view,contact'); so that the dependency injection can work properly. However, this problem is, it will always result to a failure. I have checked the following links: Why is Auth::attempt always returns false. Laravel authattempt return false. P.S. These links seem very hard to follow as I do not utilize the Input class.

You can check the pluralizations if you translate the model in your lang.

Let me explain:

Example: Model Pagamento

Url slugs: pagamenti

In my case using the check inside the functions works fine, but not works using constructor:

 public function edit(Pagamento $pagamenti)

   $this->authorize('update', $pagamenti);

I changed:

public function __construct()

    //Abilita su tutto il resource
    //$this->authorizeResource(Pagamento::class,'pagamento'); // Not Works
    $this->authorizeResource(Pagamento::class,'pagamenti'); // Works


Now works fine ;)

Hope can help ;)

Laravel policy always false, The return is always 'false'. Same for calling policy form the controller. Where do I go wrong? share. However, when I try to do Auth::check in the view I have been redirected to, it seems that it returns FALSE and does not read the authenticated user. This makes the certain portion of that view to not be visible.

authorization policies always return false, Hi everybody! I defined an ability in AuthServiceProvider and it always returned false because i use custom guard. I could solve this problem,  By default, all gates and policies automatically return false if the incoming HTTP request was not initiated by an authenticated user. However, you may allow these authorization checks to pass through to your gates and policies by declaring an "optional" type-hint or supplying a null default value for the user argument definition:

Laravel authorize always returns false, I'm having some problems with Policies on Laravel. The problem is, my create policy always return false, no matter what I do, even when I explicity make it  Forum Laravel Laravel S3 'exists' method always returns false. Reply Follow Laravel S3 'exists' method always returns false Posted 2 years ago by victordelaunay. Hi!

Laravel policy always false, Laravel policy always false. I'm trying to allow user to view their own profile in Laravel 5.4. UserPolicy.php public function view(User $authUser, $user) { return​  Laravel Policies are the part of Laravel Authorization that helps you to protect resources from unauthorized access. In this post, I will show you how you can create a Laravel Policy to protect actions on your model. You might be familiar with Laravel Policies, this post is intended to help new users of Laravel. What is Laravel Policy?

  • You have a strict operator, are you sure the data types of id and manager are the same?
  • Yep, and with == it still return false
  • Hook up a debugger or dump from ContactPolicy::view to see what values are being passed.
  • Sorry, I`m new and PHP and Laravel and have not worked with debugger, how I can do it? (Sorry for stupid question).
  • That's a bit broad, I would highly recommend researching debugging techniques prior to even coding in a new language.
  • That really shouldn't make a difference. Contact::class is just a constant that contains the full path of the class. So Contact::class should be equivalent to App\Contact.
  • Hm, so why in this case all work fine? And, mb you know, why it works with authorize method, but middleware still returns 403?
  • Can't tell you that, you'll have to debug further. All I can tell you is that your supposed fix doesn't change anything.
  • Also, it's important to note, that the policy was never being called and thats why it always returned false. more than likely it was throwing a 403 and if you put a debug in the policy, it would never reach it because it never knew to try to look for the contact policy since it was just passing the id as an integer.