fix: authorizer response with status should be honoured when unauthen…

…ticated

src/Http/Requests/FormRequest.php

@@ -254,7 +254,9 @@ protected function passesAuthorization()
             }
 
         } catch (AuthorizationException $ex) {
-            $this->failIfUnauthenticated();
+            if (!$ex->hasStatus() || $ex->hasStatus() && $ex->status() === 403) {
+                $this->failIfUnauthenticated();
+            }
             throw $ex;
         }
         return true;

tests/dummy/app/Policies/UserPolicy.php

@@ -55,13 +55,13 @@ public function updatePhone(User $user, User $other): bool
     /**
      * Determine if the user can delete the other user.
      *
-     * @param User $user
+     * @param ?User $user
      * @param User $other
      * @return bool|Response
      */
-    public function delete(User $user, User $other)
+    public function delete(?User $user, User $other)
     {
-        return $user->is($other) ? true : Response::denyAsNotFound('not found message');
+        return $user?->is($other) ? true : Response::denyAsNotFound('not found message');
     }
 
 }

tests/dummy/tests/Api/V1/Users/DeleteTest.php

@@ -35,4 +35,22 @@ public function test(): void
             'title' => 'Not Found',
         ]);
     }
+
+    public function testUnauthenticated(): void
+    {
+        $user = User::factory()->createOne();
+
+        $expected = $this->serializer
+            ->user($user);
+        $response = $this
+            ->jsonApi('users')
+            ->delete(url('/api/v1/users', $expected['id']));
+
+        $response->assertNotFound()
+            ->assertHasError(404, [
+                'detail' => 'not found message',
+                'status' => '404',
+                'title' => 'Not Found',
+            ]);
+    }
 }