search

sebastienheyd / boilerplate

Laravel AdminLTE 3 Boilerplate package with blade components, users, roles and permissions management
MIT License
219 stars 66 forks source link

Menu role doesn't restrict access #52

Closed cod3rshotout closed 2 years ago

cod3rshotout commented 2 years ago

I have defined these roles:

Then, I have created a menu called Patients:

class Patients
{
    public function make(Builder $menu)
    {
        $item = $menu->add('patients.title', [
            'icon' => 'fa-user-injured',
            'role' => 'tenant',
            'order' => 103
        ]);

        $item->add('patients.list.title', [
            'route' => 'socialthess.patients.index',
            'active' => 'socialthess.patients.index',
        ]);
    }
}

as you can see I have specified the role tenant, but if I access as an user which have the role patient I can see the menu.

Also, I would like to ask another question: when I signin as patient user and try to access to the datatable I get:

Symfony\Component\HttpKernel\Exception\HttpException

This is the content of the setUp function:

public function setUp()
{
    $this->permissions(['invites_crud'])
        ->order('id', 'desc');
}

The user have that permission, but for some reason the data aren't returned, this happen just for invites_crud user, the admin doesn't have any issues .. what I did wrong?

sebastienheyd commented 2 years ago

First point has been fixed on 7.12.0

Second point is certainly not a permission issue on the datatable component, if the user does not have the permission the datatable will be replaced by a simple message that the user has not the permission to display the datatable.