cartalyst / sentinel

A framework agnostic authentication & authorization system.
BSD 3-Clause "New" or "Revised" License

Return value of Cartalyst\Sentinel\Users\EloquentUser::getPermissions() must be of the type array, string returned #513

Closed no0by5 closed 5 years ago

no0by5 commented 5 years ago

Your Environment

Expected behaviour

A call to Cartalyst\Sentinel\Users\EloquentUser::getPermissions() should not throw an exception.

Actual behaviour

It throws

Symfony\Component\Debug\Exception\FatalThrowableError "Return value of Cartalyst\Sentinel\Users\EloquentUser::getPermissions() must be of the type array, string returned"

Steps to reproduce

In my Middleware I call abort_unless(($user ? $user->hasAccess($permission) : false), 403); I tried adding permissions with

$user->addPermission('roles.create');
$user->setPermissions(['roles.create' => true]);
$user->permissions = [
    'roles.create'  => true,
];

In every case the Exception is thrown.
With Sentinel v2 it has been working like this.

8633brown commented 5 years ago

The only way I can seem to replicate this is by running $user->permissions = 'roles.create' and writing this to the DB. This writes the string directly to the DB. Then when trying to read back with EloquentUser::hasAccess I get the mentioned error.

I can't replicate the error with the other steps you gave.

https://github.com/8633brown/sentinel/blob/b42950536814186504e5f832b2c46cc20a801bf7/tests/Sentinel513Test.php#L84-L147

no0by5 commented 5 years ago

I found the problem. I have my own user model where I overwrite the casts variable. Since the new Sentinel version this is also used by Sentinel's user model to cast the permissions into json. I didn't have this cast in my casts variable, which led to the problem. It would have been helpful if this had been in the update news. https://github.com/cartalyst/sentinel/blob/3.0/src/Users/EloquentUser.php#L64-L71
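
The failure mode described in the last comment, as an added example that is not part of the thread or of Sentinel's code: a subclass that redeclares $casts replaces the parent's array instead of merging with it, so the permissions column is returned as a raw string and the array return type fails. BaseUser, BrokenUser, FixedUser and the is_active column are hypothetical stand-ins for Sentinel's user model and an application model, and the sample row is constructed.

```php
<?php
declare(strict_types=1);

// Stand-in for an Eloquent-style model: $attributes holds raw column values
// and $casts says how to convert them on read. Hypothetical, not Sentinel's class.
class BaseUser
{
    protected $casts = ['permissions' => 'json'];
    protected $attributes = [];

    public function __construct(array $raw)
    {
        $this->attributes = $raw;
    }

    protected function castAttribute(string $key)
    {
        $value = $this->attributes[$key] ?? null;
        if (($this->casts[$key] ?? null) === 'json' && is_string($value)) {
            return json_decode($value, true);
        }
        return $value; // no cast registered: the raw column string comes back
    }

    public function getPermissions(): array
    {
        return $this->castAttribute('permissions') ?? [];
    }
}

// Redeclaring $casts replaces the parent's default; PHP does not merge the two.
class BrokenUser extends BaseUser
{
    protected $casts = ['is_active' => 'boolean'];
}

// Fix: carry the parent's permissions cast forward in the redeclared array.
class FixedUser extends BaseUser
{
    protected $casts = ['is_active' => 'boolean', 'permissions' => 'json'];
}

$row = ['permissions' => '{"roles.create":true}']; // constructed sample row
var_dump((new FixedUser($row))->getPermissions());
try {
    (new BrokenUser($row))->getPermissions();
} catch (TypeError $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}
```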