JosephSilber / bouncer

Laravel Eloquent roles and abilities.
MIT License
3.45k stars 330 forks

Ability Options Bouncer::can not return abilities or mistake #625

Closed abkrim closed 1 year ago

abkrim commented 1 year ago

Hello. First of all, thank you for the package, because I was looking for something like that, for a specific project.

When I went to try one of the things that mattered most to me, I ran into a problem that I don't know if it was an error of mine or something that's wrong.

I am trying to apply an ability to a specific user on their own $user: the password modification.

I do return the user's abilities, and I do see the ability included, for the entity id and its User model, but when I try to use the method to check whether the user has that ability, it returns false.

I'm working in tinker (before testing), and before starting I refresh Bouncer: Bouncer::refresh();

Proof of concept

$user = User::where('name', 'Viewer')->first()
= App\Models\User {#8820
     id: 22,
     name: "Viewer",
     email: "viewer@mail.com",
     email_verified_at: "2023-04-09 06:47:30",
     #password: "$2y$10$5f.0I/ByC.amiWuHV2n3vufw0XXnLisIvbTYusRVuOKe5wXdl7bVa",
     is_superadmin: 0,
     theme: null,
     components: null,
     default_locale: null,
     #remember_token: null,
     created_at: "2023-04-07 05:49:50",
     updated_at: "2023-04-09 06:47:30",
   }

$user->getAbilities();
= Illuminate\Database\Eloquent\Collection {#8835
     all: [
       Silber\Bouncer\Database\Ability {#8822
         id: 61,
         name: "edit-password",
         title: "Edit password user #22",
         entity_id: 22,
         entity_type: "App\Models\User",
         only_owned: 0,
         options: null,
         scope: null,
         created_at: "2023-04-09 07:09:01",
         updated_at: "2023-04-09 07:09:01",
       },
     ],
   }

Checking the ability returns false

Bouncer::can('edit-password', $user)
= false

I create the user and then apply the ability with

$viewer = User::where('name', 'Viewer')->first();
Bouncer::allow($viewer)->to('edit-password', $viewer);

This puts the following in the abilities table

   {
     "id": 61,
     "name": "edit-password",
     "title": "Edit password user #22",
     "entity_id": 22,
     "entity_type": "App\\Models\\User",
     "only_owned": 0,
     "options": null,
     "scope": null,
     "created_at": "2023-04-09 07:09:01",
     "updated_at": "2023-04-09 07:09:01"
   }

For me, it is a crucial point, since I need granularity in certain models, which each role can access, and edit according to their role.

I would appreciate help to see whether I have to continue investigating or whether I did not understand the matter.

abkrim commented 1 year ago

Finally I have seen the problem.

It is a silent error incident.

The model has a method that fails in certain scenarios

public function isSuperAdmin(): bool
{
     return $this->is_superadmin;
}

With a null value in the is_superadmin field, the error was produced and, in addition, the failure in Bouncer's handling.

Fixed on typing

public function isSuperAdmin(): bool
{
     return $this->is_superadmin ?: false;
}

Sorry for the inconvenience
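
The failure described in this thread, reproduced outside Laravel as an added example (not code from the thread or from Bouncer). The classes `UserBefore` and `UserAfter` and the helper `checkedIsSuperAdmin` are hypothetical stand-ins; PHP 8.0 or later is assumed. It shows that a `: bool` return type coerces 0 and 1 but throws a `TypeError` on null, and how a caller that fails closed turns that error into a plain `false` unless the message is surfaced.

```php
<?php
// Added example: stand-in classes, not the poster's model and not Bouncer's code.

// Plain object mimicking a model whose is_superadmin column is nullable.
class UserBefore
{
    public function __construct(public ?int $is_superadmin) {}

    public function isSuperAdmin(): bool
    {
        // 0 and 1 are coerced to bool; null is NOT coerced and throws TypeError.
        return $this->is_superadmin;
    }
}

class UserAfter
{
    public function __construct(public ?int $is_superadmin) {}

    public function isSuperAdmin(): bool
    {
        // Explicit cast: null and 0 become false, 1 becomes true.
        return (bool) $this->is_superadmin;
    }
}

// Hypothetical caller that fails closed: an error inside the check means "deny".
// Returning the message alongside the result keeps the failure from being silent.
function checkedIsSuperAdmin(object $user): array
{
    try {
        return ['result' => $user->isSuperAdmin(), 'error' => null];
    } catch (TypeError $e) {
        return ['result' => false, 'error' => $e->getMessage()];
    }
}

// Constructed sample values for the column: NULL, 0 and 1.
foreach ([null, 0, 1] as $value) {
    foreach ([UserBefore::class, UserAfter::class] as $class) {
        $out = checkedIsSuperAdmin(new $class($value));
        printf(
            "%-10s is_superadmin=%-4s result=%-5s error=%s\n",
            $class,
            var_export($value, true),
            var_export($out['result'], true),
            $out['error'] ?? '-'
        );
    }
}
```

Only the `UserBefore` row with a null column reports an error; every other row returns a clean boolean.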