search

lonnieezell / myth-auth

One-stop Auth package for CodeIgniter 4
MIT License
637 stars 208 forks source link

The Auth Trait's restrictWithPermissions() method don't work when we pass more permissions than one in array #525

Closed manageruz closed 2 years ago

manageruz commented 2 years ago

AuthTrait.php file

public function restrictWithPermissions($permissions, $uri = null)
{
       $this->setupAuthClasses();
        if ($this->authenticate->check() && $this->authorize->hasPermission($permissions, $this->authenticate->id())) {
            return true;
        }

       //rest of the code goes here ...
}

FlatAuthorization.php file

public function hasPermission($permission, int $userId)
{
        if (empty($permission) || (! is_string($permission) && ! is_numeric($permission))) {
            return null;
        }

        if (empty($userId) || ! is_numeric($userId)) {
            return null;
        }

        // Get the Permission ID
        $permissionId = $this->getPermissionID($permission);

       //rest of the code goes here ...       
}

As we can see there is no code to check if passed $permission variable is array or not. So if we pass array as value with more than one permissions, code will return always null

MGatner commented 2 years ago

Fixed in #481