Not authorized to perform an action that does not modify the resource #3560
Description
- Laravel Version: ^8.54
- Nova Version: ^3.29
- PHP Version: 7.4.23
- Database Driver & Version: Mysql 5.7
- Operating System and Version: Ubuntu 20.04.3
- Browser type and version: Safari 14.0.3
- Reproduction Repository: None
Description:
When running an action on a table row resource I'm seeing "Sorry, you are not authorized to perform this action". The resource has an application policy allowing viewAny and view, but not authorized else. The action is not modifying the resource (its a download PDF button).
If I allow update permissions the action runs, but then the user can edit the resource through the nova interface, which I do not want.
Is there a work around or a way of allowing the action to run without the resource being editable? I've searched the docs and can't find one, but its possible/probable I have missed something.