Open Pen-y-Fan opened 1 year ago
Do you know what values we are getting in the $team and $requireAll variables in the service provider in a7459625cee7d0e2af59335ebbfb716f62096a04?
Same issue. Did you resolve it? With permissions_as_gates = true:
$user->can('dothething') // checks permission and works
$user->can('view', User::find(1)) // defers to policy and works as expected
$user->can('viewAny', User::class) // doesn't work anymore, same error 'no query results'
Describe the bug
Setting the permissions_as_gates with teams enabled breaks the can method in routes. The view is returned 404 not found.
I bumped Laravel 10.7.1 to 10.10.1 and Laratrust from 8.0.1 to 8.2.1, and the app stopped working on all routes with the can method.
The app was working prior to the upgrade with all tests passing.
To Reproduce
Steps to reproduce the behavior:
New Laravel app, with Laratrust
Update the laratrust configuration file: enable teams and 'permissions_as_gates' => true,
Add a user, policy, model(s) and team.
In web.php add a route with a can method e.g.:
This route will now fail with the error message:
404 NOT FOUND
No exceptions are logged. The Laravel debug bar does catch the exception:
No query results for model [App\Models\LaratrustTeam]. at \vendor\laravel\framework\src\Illuminate\Database\Eloquent\Builder.php:599) [stacktrace] "}},"userId":3,"exception":"[object] (Spatie\LaravelIgnition\Exceptions\ViewException(code: 0): No query results for model [App\Models\LaratrustTeam]. at vendor\laravel\framework\src\Illuminate\Database\Eloquent\Builder.php:599) [stacktrace]
0 vendor\santigarcor\laratrust\src\Helper.php(50): Illuminate\Database\Eloquent\Builder->firstOrFail()
1 \vendor\santigarcor\laratrust\src\Checkers\User\UserDefaultChecker.php(121): Laratrust\Helper::getIdFor('App\\Models\\Even...', 'team')
2 \vendor\santigarcor\laratrust\src\Traits\HasRolesAndPermissions.php(192): Laratrust\Checkers\User\UserDefaultChecker->currentUserHasPermission('viewAny', 'App\\Models\\Even...', false)
3 \vendor\santigarcor\laratrust\src\LaratrustServiceProvider.php(175): App\Models\User->hasPermission('viewAny', 'App\\Models\\Even...', false)
4 \vendor\laravel\framework\src\Illuminate\Auth\Access\Gate.php(553): Laratrust\LaratrustServiceProvider->Laratrust\{closure}(Object(App\Models\User), 'viewAny', Array)
5 \vendor\laravel\framework\src\Illuminate\Auth\Access\Gate.php(426): Illuminate\Auth\Access\Gate->callBeforeCallbacks(Object(App\Models\User), 'viewAny', Array)
6 \vendor\laravel\framework\src\Illuminate\Auth\Access\Gate.php(395): Illuminate\Auth\Access\Gate->raw('viewAny', Array)
7 \vendor\laravel\framework\src\Illuminate\Auth\Access\Gate.php(382): Illuminate\Auth\Access\Gate->inspect('viewAny', 'App\\Models\\Even...')
8 \app\View\Components\Plan\PlanList\Index.php(54): Illuminate\Auth\Access\Gate->authorize('viewAny', 'App\\Models\\Even...')
9 [internal function]: App\View\Components\Plan\PlanList\Index->__construct(Object(Illuminate\Http\Request), Object(App\Models\Plan))
... etc...
When I run my tests, most failed too. The stack trace above is from one of the tests, which has the gate in the controller; the stack trace is the same for both.
The Gate in a controller can be fixed:
This used to work with model policies, something changed recently to change the behaviour.
The model policy:
The can method on routes can not be fixed this way.
e.g.
This will return:
This action is unauthorized.
Reading the stack trace the team is dropped and an empty array is passed through as arguments:
The can method on Route:
It doesn't accept a team.
The workaround for me was to update the config permissions_as_gates=false, the previous behaviour using policies returned and everything now works.
Looking at recent changes the Gate policy has been updated to add attributes for a team. This has unexpected consequences regarding the Route can method.
https://github.com/santigarcor/laratrust/commit/a7459625cee7d0e2af59335ebbfb716f62096a04
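The argument mix-up visible in the stack trace, reduced to plain PHP as an added example (not code from this issue, Laratrust or Laravel; all function and class names and the sample data are hypothetical). A before hook that reads the first gate argument as a team turns a model class name into a failed team lookup, while a guarded variant defers to the policy instead.

```php
<?php
// Simplified model of the call path in the stack trace above.
// Not Laratrust or Laravel code: every name below is hypothetical.
final class TeamNotFound extends RuntimeException {}

// Stand-in for the team lookup that ends in firstOrFail().
function teamIdFor(string $name, array $teams): int
{
    if (!array_key_exists($name, $teams)) {
        throw new TeamNotFound("No query results for team [$name]");
    }
    return $teams[$name];
}

// "before" hook that treats the first gate argument as a team name.
function beforeNaive(array $perms, array $teams, string $ability, array $args): ?bool
{
    $team = $args[0] ?? null;
    $teamId = $team === null ? null : teamIdFor($team, $teams);
    // true grants; null defers to the next check (the policy).
    return in_array([$ability, $teamId], $perms, true) ? true : null;
}

// Guarded variant (an assumption, one possible guard): only a known team name counts as a team.
function beforeGuarded(array $perms, array $teams, string $ability, array $args): ?bool
{
    $team = $args[0] ?? null;
    if ($team !== null && !(is_string($team) && array_key_exists($team, $teams))) {
        return null; // model class or instance: defer to the policy
    }
    return beforeNaive($perms, $teams, $ability, $args);
}

// Constructed sample data: one team, one global and one team-scoped permission.
$teams = ['acme' => 1];
$perms = [['dothething', null], ['edit-plan', 1]];

// Plain permission check and team-scoped check both resolve normally.
var_dump(beforeNaive($perms, $teams, 'dothething', []));
var_dump(beforeNaive($perms, $teams, 'edit-plan', ['acme']));

// Policy-style call: the model class name is looked up as a team and the lookup throws.
try {
    beforeNaive($perms, $teams, 'viewAny', ['App\\Models\\User']);
} catch (TeamNotFound $e) {
    echo 'naive: ', $e->getMessage(), PHP_EOL;
}

// Same call through the guard: no lookup, the decision is left to the policy.
var_dump(beforeGuarded($perms, $teams, 'viewAny', ['App\\Models\\User']));
```

In Laravel, a ModelNotFoundException raised during authorization is rendered as a 404, which matches the response reported above.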