JosephSilber / bouncer

Laravel Eloquent roles and abilities.
MIT License

Disallow Everyone not working as expected #611

Closed undjike closed 1 year ago

undjike commented 1 year ago

Hello, I have this code...

```php
$user = User::factory()->create();

Auth::login($user);

Bouncer::allow($user)->to('delete-entity', $entity);

$firstTest = Bouncer::can('delete-entity', $entity);

Bouncer::disallowEveryone()->to('delete-entity', $entity);

Bouncer::refreshFor($user);
Bouncer::refresh();

$secondTest = Bouncer::can('delete-entity', $entity);
```

The output is:

```
$firstTest = true
$secondTest = true
```

Expected behaviour:

```
$firstTest = true
$secondTest = false
```

Can anyone help?

JosephSilber commented 1 year ago

The "everyone" ability is a broader ability than the ability granted directly to a user. The `disallowEveryone` method simply removes a general ability that was previously granted via `allowEveryone`.
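
The scoping described in the reply above, as an added example that is not part of the thread and is not Bouncer's implementation: a simplified model in which each grant lives in either the user scope or the "everyone" scope, and a revocation only removes the row in the scope it names. `GrantStore`, `grantPaths` and the sample values are hypothetical; `grantPaths` is the check worth running after any revocation, since it lists the scopes that still grant the ability.

```php
<?php
// Simplified model of grant scopes (illustration only, not Bouncer's code).
// A grant is keyed by holder|ability|entity; holder null means "everyone".
final class GrantStore
{
    private array $rows = [];

    private function key(?int $holder, string $ability, string $entity): string
    {
        return ($holder ?? 'everyone') . "|{$ability}|{$entity}";
    }

    public function allow(?int $holder, string $ability, string $entity): void
    {
        $this->rows[$this->key($holder, $ability, $entity)] = true;
    }

    // Revocation deletes only the row in the named scope; other scopes stay.
    public function disallow(?int $holder, string $ability, string $entity): void
    {
        unset($this->rows[$this->key($holder, $ability, $entity)]);
    }

    /** @return string[] scopes that still grant the ability to this user */
    public function grantPaths(int $userId, string $ability, string $entity): array
    {
        $scopes = ['user' => $userId, 'everyone' => null];
        return array_keys(array_filter(
            $scopes,
            fn (?int $holder) => isset($this->rows[$this->key($holder, $ability, $entity)])
        ));
    }

    public function can(int $userId, string $ability, string $entity): bool
    {
        return $this->grantPaths($userId, $ability, $entity) !== [];
    }
}

// Constructed sample values replaying the sequence from the issue.
[$userId, $ability, $entity] = [7, 'delete-entity', 'Entity#42'];
$store = new GrantStore();
$store->allow($userId, $ability, $entity);      // direct grant, as Bouncer::allow($user)
$store->disallow(null, $ability, $entity);      // everyone scope, as disallowEveryone()
printf("after everyone-scope revoke: can=%s via [%s]\n",
    var_export($store->can($userId, $ability, $entity), true),
    implode(',', $store->grantPaths($userId, $ability, $entity)));
$store->disallow($userId, $ability, $entity);   // revoke in the scope that granted it
printf("after user-scope revoke: can=%s\n", var_export($store->can($userId, $ability, $entity), true));
```

In Bouncer itself, the direct grant from the issue is revoked with `Bouncer::disallow($user)->to('delete-entity', $entity)`.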