Forbidden when trying to patch User


I'm trying to update a user's profile by patching an update. The patch seems to be going through, but when pressing 'save profile' I simply go to a blank page stating: 'forbidden'.

Here is my code:

ProfileController.php

<?php namespace App\Http\Controllers;

use Auth;

use App\User;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use App\Http\Requests\UpdateUserRequest;

use Illuminate\Http\Request;

class ProfileController extends Controller {

    public function __construct()
    {
        $this->middleware('auth');
    }

    public function show()
    {
        return view('pages.profile.profile');
    }

    public function search($username)
    {
        $user = User::whereUsername($username)->first();

        return view('pages.profile.showprofile', compact('user'));
    }

    public function edit() 
    {
        $user = Auth::user();

        return view('pages.profile.editprofile')->withUser($user);
    }

    public function update(UpdateUserRequest $request, User $user) 
    {
        return 'update user';
    }


}

Routes.php

<?php

/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/

# Home
Route::get('/', 'StaticPagesController@home');

# Profile
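# User binding: resolves the {user} route parameter to a User model by username
Route::bind('user', function($username) {
    // The closure must return the model; firstOrFail() throws if no such user exists
    return App\User::whereUsername($username)->firstOrFail();
});
Route::get('profile', 'ProfileController@show');
Route::get('profile/edit', 'ProfileController@edit');
Route::get('profile/{username}', 'ProfileController@search');
# The parameter is named {user} so that the binding above applies to it
Route::patch('user/{user}', 'ProfileController@update');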

# Calendar
Route::get('calendar-php', 'CalendarController@index');
Route::get('calendar', 'CalendarController@show');

# Authentication
Route::controllers([
    'auth' => 'Auth\AuthController',
    'password' => 'Auth\PasswordController',
]);

editprofile.blade.php

@extends('masterpage')
...
{!! Form::model($user, ['url' => 'user/' . $user->username, 'method' => 'PATCH']) !!}
    <div class="form-group form-horizontal">
        <div class="form-group">
                {!! Form::label('username', 'Username:', ['class' => 'col-md-4 control-label']) !!}
            <div class="col-md-6">
                <label class="align-left">{{ $user->username }}</label>
            </div>  
        </div>

        <div class="form-group">
                {!! Form::label('email', 'E-mail:', ['class' => 'col-md-4 control-label']) !!}
            <div class="col-md-6">
                <label class="align-left">{{ $user->email }}</label>
            </div>  
        </div>

        <div class="form-group">
                {!! Form::label('name', 'Name:', ['class' => 'col-md-4 control-label']) !!}
            <div class="col-md-6">
                <label class="align-left">{{ $user->name }} {{ $user->lastname }}</label>
            </div>  
        </div>

        <br />

        <div class="form-group">
                {!! Form::label('city', 'City:', ['class' => 'col-md-4 control-label']) !!}
            <div class="col-md-6">
                {!! Form::Text('city', null, ['class' => 'form-control']) !!}
            </div>  
        </div>

        <div class="form-group">
                {!! Form::label('country', 'Country:', ['class' => 'col-md-4 control-label']) !!}
            <div class="col-md-6">
                {!! Form::Text('country', null, ['class' => 'form-control']) !!}
            </div>  
        </div>

        <div class="form-group">
                {!! Form::label('phone', 'Phone:', ['class' => 'col-md-4 control-label']) !!}
            <div class="col-md-6">
                {!! Form::Text('phone', null, ['class' => 'form-control']) !!}
            </div>  
        </div>

        <div class="form-group">
                {!! Form::label('twitter', 'Twitter link:', ['class' => 'col-md-4 control-label']) !!}
            <div class="col-md-6">
                {!! Form::Text('twitter', null, ['class' => 'form-control']) !!}
            </div>  
        </div>

        <div class="form-group">
                {!! Form::label('facebook', 'Facebook link:', ['class' => 'col-md-4 control-label']) !!}
            <div class="col-md-6">
                {!! Form::Text('facebook', null, ['class' => 'form-control']) !!}
            </div>  
        </div>

        <div class="form-group">
            <div class="col-md-6 col-md-offset-4">
                {!! Form::submit('Save Profile', ['class' =>  'btn btn-primary']) !!}
            </div>
        </div> 

        </div>  
    </div>
{!! Form::close() !!}
...

This is the page I get once pressing the Save profile button.

I've searched for this error and this is what I found:

// Forbidden
App::abort(403, 'Access denied');

Though I'm trying to update my own profile. Anyone have an idea why it's doing this?

1

There is 1 answer

1
MMMTroy On

I realize that you have likely already figured it out, but in order to make this post more helpful, I'd like to post a probable cause of this error.

It looks like you are using a custom request class "UpdateUserRequest". If you do this using "php artisan make:request" you'll notice that the method "authorize()" within your request file will return "false" by default. You can either change this to return "true" instead, or write your own authorization logic within this method.
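
As an added example (not part of the original answer or the asker's code), here is one way to write the authorization logic the answer mentions so that a user can only PATCH their own profile, instead of returning true for every caller. It assumes Laravel 5's generated `App\Http\Requests\Request` base class and the `username` column and form fields shown in the question; the validation limits are illustrative.

```php
<?php namespace App\Http\Requests;

use Auth;
use App\User;

class UpdateUserRequest extends Request {

    /**
     * Authorize only when the user named in the URL is the logged-in user.
     * Returning true unconditionally would let any authenticated user
     * PATCH any other user's profile.
     */
    public function authorize()
    {
        // Assumption: the route parameter is {username} as in the question's
        // routes file, or {user} if the route uses the 'user' binding.
        $target = $this->route('username') ?: $this->route('user');

        // A Route::bind() callback may already have resolved it to a model.
        if ($target instanceof User) {
            $target = $target->username;
        }

        return Auth::check() && Auth::user()->username === $target;
    }

    /**
     * Validate only the fields the edit form actually submits.
     * The limits below are illustrative, not taken from the question.
     */
    public function rules()
    {
        return [
            'city'     => 'max:255',
            'country'  => 'max:255',
            'phone'    => 'max:30',
            'twitter'  => 'url|max:255',
            'facebook' => 'url|max:255',
        ];
    }

}
```

In `update()`, pass only `$request->only(...)` of these fields to the model so that any extra posted attributes are ignored.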