Authorization
Laravel 8
Laravel 9
Laravel 10
Laravel 11
Laravel 12
403 Forbidden Unauthorized Action in Laravel - Fix
This error occurs when an authenticated user tries to perform an action they don't have permission for.
The Error
Error Message
403 Forbidden / This action is unauthorizedCommon Causes
- 1 Policy denying access
- 2 Gate returning false
- 3 Missing permission or role
- 4 authorize() check failing in controller
Solutions
1
Define policy correctly
PHP
// app/Policies/PostPolicy.php
public function update(User $user, Post $post)
{
return $user->id === $post->user_id;
}
2
Use authorization in controller
PHP
public function update(Request $request, Post $post)
{
$this->authorize('update', $post);
// or
if ($request->user()->cannot('update', $post)) {
abort(403);
}
}
3
Check permissions in Blade
Blade
@can('update', $post)
<a href="{{ route('posts.edit', $post) }}">Edit</a>
@endcan
@cannot('delete', $post)
<p>You cannot delete this post</p>
@endcannot
4
Register policy in AuthServiceProvider
PHP
protected $policies = [
Post::class => PostPolicy::class,
];Need Help With Your Laravel Project?
I specialize in building custom Laravel applications, process automation, and SaaS development. Whether you need to eliminate repetitive tasks or build something from scratch, let's discuss your project.
Currently available for 2-3 new projects
About Hafiz
Full Stack Developer from Italy. I build web applications with Laravel and Vue.js, and automate business processes. Creator of ReplyGenius, StudyLab, and other SaaS products.
View Portfolio