authorizeResource does not work for models with compound names

[jpuck]

• Laravel Version: 5.4.15
• PHP Version: PHP 7.0.15-0ubuntu0.16.04.4
• Database Driver & Version: mysql Ver 14.14 Distrib 5.7.17, for Linux (x86_64) using EditLine wrapper

Description:

authorizeResource does not seem to work for models with more than 1 part to its name.

Steps To Reproduce:

here's a quick demo app in which you can see authorizeResource works fine for the Post model, but not for the CompoundName model.

This show method will always return unauthorized:

class CompoundNameController extends Controller
{
    public function __construct()
    {
        $this->authorizeResource(CompoundName::class);
    }

    // ...

    public function show(CompoundName $compoundName)
    {
        return $compoundName;
    }
}

However, explicit authorization works fine as expected:

class CompoundNameController extends Controller
{
    public function __construct()
    {
        //
    }

    // ...

    public function show(CompoundName $compoundName)
    {
        $this->authorize('view', $compoundName);
        return $compoundName;
    }
}

[devcircus]

Just submitted a PR that should fix the issue. Looks like the "authorizesResource" method was calling "strtolower" on the base_class of the model. Calling "lcfirst" should fix it.
Also, as the second parameter, you could pass the camelcased string and it would work without the pull request. eg.

    public function __construct()
    {
        $this->authorizeResource(CompoundName::class, 'compoundName');
    }

[dschreij]

Your tip of passing the variable's compound name as the second argument saved the day!

[pedrofurtado]

#16184