Form Request should throw AuthorizationException.

Form requests should throw the AuthorizationException when authorization fails to be more consistent with the exception thrown by the Gate class. The response / exception can still be overridden by redefining the method.
laravel · Dec 16, 2016 · 1a75409 · 1a75409
1 parent 46f805b
commit 1a75409
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 15 deletions.
diff --git a/src/Illuminate/Foundation/Http/FormRequest.php b/src/Illuminate/Foundation/Http/FormRequest.php
@@ -9,7 +9,7 @@
 use Illuminate\Container\Container;
 use Illuminate\Contracts\Validation\Validator;
 use Illuminate\Validation\ValidationException;
-use Illuminate\Http\Exception\HttpResponseException;
+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Validation\ValidatesWhenResolvedTrait;
 use Illuminate\Contracts\Validation\ValidatesWhenResolved;
 use Illuminate\Contracts\Validation\Factory as ValidationFactory;
@@ -136,11 +136,11 @@ protected function passesAuthorization()
      *
      * @return void
      *
-     * @throws \Illuminate\Http\Exception\HttpResponseException
+     * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     protected function failedAuthorization()
     {
-        throw new HttpResponseException($this->forbiddenResponse());
+        throw new AuthorizationException('This action is unauthorized.');
     }
 
     /**
@@ -160,16 +160,6 @@ public function response(array $errors)
                                         ->withErrors($errors, $this->errorBag);
     }
 
-    /**
-     * Get the response for a forbidden operation.
-     *
-     * @return \Symfony\Component\HttpFoundation\Response
-     */
-    public function forbiddenResponse()
-    {
-        return new Response('Forbidden', 403);
-    }
-
     /**
      * Format the errors from the given Validator instance.
      *

diff --git a/tests/Foundation/FoundationFormRequestTest.php b/tests/Foundation/FoundationFormRequestTest.php
@@ -46,7 +46,7 @@ public function testValidateFunctionThrowsValidationExceptionIfValidationFails()
     }
 
     /**
-     * @expectedException \Illuminate\Http\Exception\HttpResponseException
+     * @expectedException \Illuminate\Auth\Access\AuthorizationException
      */
     public function testValidateFunctionThrowsHttpResponseExceptionIfAuthorizationFails()
     {
@@ -59,7 +59,6 @@ public function testValidateFunctionThrowsHttpResponseExceptionIfAuthorizationFa
         );
         $container->instance('Illuminate\Contracts\Validation\Factory', $factory);
         $validator->shouldReceive('passes')->never();
-        $request->shouldReceive('forbiddenResponse')->once()->andReturn(new Illuminate\Http\Response);
 
         $request->validate($factory);
     }