livewire: AuthorizeRequests exceptions not handled by assertForbidden

Describe the bug $this->authorize(..) throws an AuthorizationException that is not catched by the assertForbidden() methods

To Reproduce

component:

use App\Http\Livewire\LivewireComponent;
use App\Modules\Actions\Models\ModelAction;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;

class ListEntry extends LivewireComponent
{
    use AuthorizesRequests;

    public $modelAction;

    public function mount(ModelAction $modelAction)
    {
        $this->modelAction = $modelAction;

        $this->authorize('view', $this->modelAction);
    }

    public function render()
    {
        return view(....);
    }
}

test:

/** @test */
    public function user_cannot_see_action_details()
    {
        $modelAction = $this->newModelAction();

        // actAs a user withOUT proper permissions
        $this->asUser();

        Livewire::test(ListEntry::class, ['modelAction' => $modelAction])
            ->assertForbidden();
    }

this test outputs:


There was 1 error:

1) Tests\Feature\Actions\ActionsControllerShowTest::user_cannot_see_action_details
ErrorException: This action is unauthorized. (View: ...
[...]
Caused by
Illuminate\Auth\Access\AuthorizationException: This action is unauthorized.
[...]

Looking at the assertForbidden() code, it expects an HttpException, however this is not the type that is thrown. We can argue that technically it is not a bug since the assertForbidden confirms an HttpException with code 403, however it does not handle such case, which is the one exampled in the documentation. More, is there a real scenario where an HttpException is actually thrown inside a livewire component (except if we do it manually, of course?)

Maybe I’m missing something and should be testing this differently…

Expected behavior assertForbidden() handles AuthorizationException

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 18 (9 by maintainers)

Most upvoted comments

@DanHarrin

Ok, so the issue is with my test: the assertForbidden() needs to be called right after the failing function (create, set, call).

This won’t work since the exception is thrown in the test() call:

Livewire::test(CreateForm::class, ['contract' => $anotherContract])
    ->set('type', RequestType::all()->random()->id)
    ->assertForbidden();

This works:

Livewire::test(CreateForm::class, ['contract' => $anotherContract])
    ->assertForbidden();

All seems ok to me with the PR 👍 …and thanks for the quick fix!!

Can be closed.

+2
ghost on Apr 22, 2020
Read more comments on GitHub
← livewire: AlpineJs directives not working after component is reloaded
livewire: Autofill from password manager not working in Mobile Safari →