search

Zizaco / entrust

Role-based Permissions for Laravel 5
MIT License
6.05k stars 1.29k forks source link

Application uses Authorizable can method if both traits exists within the application #924

Open prog-24 opened 6 years ago

prog-24 commented 6 years ago

If both Authorizable and EntrustUserTrait are present within a model, checking using an array preferes Authorizable to EntrustUserTrait thus failing its check. See the example below.

class User { use Authorizable, EntrustUserTrait { Authorizable::can insteadof EntrustUserTrait; EntrustUserTrait::can as entrustCan; }

Somewhere in the application:

$this->auth_user->entrustCan([PERM_A, PERM_B]);

In EntrustUserTrait

public function can($permission, $requireAll = false)
{
    if (is_array($permission)) {
        foreach ($permission as $permName) {
            $hasPerm = $this->can($permName); 
 //This call Laravels Authorizable instead of being a recursive function that it should be

            if ($hasPerm && !$requireAll) {
                return true;
            } elseif (!$hasPerm && $requireAll) {
                return false;
            }
        }

        // If we've made it this far and $requireAll is FALSE, then NONE of the perms were found
        // If we've made it this far and $requireAll is TRUE, then ALL of the perms were found.
        // Return the value of $requireAll;
        return $requireAll;
    } else {
        foreach ($this->cachedRoles() as $role) {
            // Validate against the Permission table
            foreach ($role->cachedPermissions() as $perm) {
                if (str_is( $permission, $perm->name) ) {
                    return true;
                }
            }
        }
    }
prog-24 commented 6 years ago

You can make the calls individually as a work around. So instead of:

$this->auth_user->entrustCan([PERM_A, PERM_B]); you can do

$this->auth_user->entrustCan(PERM_B); $this->auth_user->entrustCan(PERM_A);