From 1a7540967ca36f875a262a22b76c2a094b9ba3b4 Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylor@laravel.com>
Date: Fri, 16 Dec 2016 09:11:51 -0600
Subject: [PATCH] Form Request should throw AuthorizationException.

Form requests should throw the AuthorizationException when
authorization fails to be more consistent with the exception thrown by
the Gate class. The response / exception can still be overridden by
redefining the method.
---
 src/Illuminate/Foundation/Http/FormRequest.php | 16 +++-------------
 tests/Foundation/FoundationFormRequestTest.php |  3 +--
 2 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/src/Illuminate/Foundation/Http/FormRequest.php b/src/Illuminate/Foundation/Http/FormRequest.php
index 16c704017e24..969690430ba7 100644
--- a/src/Illuminate/Foundation/Http/FormRequest.php
+++ b/src/Illuminate/Foundation/Http/FormRequest.php
@@ -9,7 +9,7 @@
 use Illuminate\Container\Container;
 use Illuminate\Contracts\Validation\Validator;
 use Illuminate\Validation\ValidationException;
-use Illuminate\Http\Exception\HttpResponseException;
+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Validation\ValidatesWhenResolvedTrait;
 use Illuminate\Contracts\Validation\ValidatesWhenResolved;
 use Illuminate\Contracts\Validation\Factory as ValidationFactory;
@@ -136,11 +136,11 @@ protected function passesAuthorization()
      *
      * @return void
      *
-     * @throws \Illuminate\Http\Exception\HttpResponseException
+     * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     protected function failedAuthorization()
     {
-        throw new HttpResponseException($this->forbiddenResponse());
+        throw new AuthorizationException('This action is unauthorized.');
     }
 
     /**
@@ -160,16 +160,6 @@ public function response(array $errors)
                                         ->withErrors($errors, $this->errorBag);
     }
 
-    /**
-     * Get the response for a forbidden operation.
-     *
-     * @return \Symfony\Component\HttpFoundation\Response
-     */
-    public function forbiddenResponse()
-    {
-        return new Response('Forbidden', 403);
-    }
-
     /**
      * Format the errors from the given Validator instance.
      *
diff --git a/tests/Foundation/FoundationFormRequestTest.php b/tests/Foundation/FoundationFormRequestTest.php
index 1d7597f3058e..4343485c1f40 100644
--- a/tests/Foundation/FoundationFormRequestTest.php
+++ b/tests/Foundation/FoundationFormRequestTest.php
@@ -46,7 +46,7 @@ public function testValidateFunctionThrowsValidationExceptionIfValidationFails()
     }
 
     /**
-     * @expectedException \Illuminate\Http\Exception\HttpResponseException
+     * @expectedException \Illuminate\Auth\Access\AuthorizationException
      */
     public function testValidateFunctionThrowsHttpResponseExceptionIfAuthorizationFails()
     {
@@ -59,7 +59,6 @@ public function testValidateFunctionThrowsHttpResponseExceptionIfAuthorizationFa
         );
         $container->instance('Illuminate\Contracts\Validation\Factory', $factory);
         $validator->shouldReceive('passes')->never();
-        $request->shouldReceive('forbiddenResponse')->once()->andReturn(new Illuminate\Http\Response);
 
         $request->validate($factory);
     }