Closed thracefields closed 1 year ago
If you don't use ability to say that admin is authorized, admin will not be authorized.
The reason is simple: admin is a role and, unlike what you can see on the role's edit page, permissions aren't really assigned to this role (see in the db).
So if we check if admin has a permission, he'll never get it.
This was done so that when adding a "boilerplate" package, there's no need to attach permissions to the admin role. Otherwise, a migrate would have to be created each time to attach the permissions to the role.
I hope my explanation is clear.
Let's say we have this code, for example:

```php
Route::resource('countries', CountryController::class)->except(['show', 'destroy'])->middleware(['permission:tools']);
```

Even if I am admin, it always says 403.
I have to use this syntax for it to work:

```php
Route::resource('countries', CountryController::class)->except(['show', 'destroy'])->middleware(['ability:admin,tools']);
```

The permission doesn't have a category.
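The difference between the two middleware strings in this thread, as an added PHP example that is not part of the thread or the package's code: it models an admin role with no permission rows attached. It assumes `ability:admin,tools` passes when the user holds any listed role or any listed permission; the `User` class, both check functions and the sample users are hypothetical.

```php
<?php
// Simplified model of the two route checks discussed above (constructed data,
// not the package's code). Assumption: "ability" passes when the user holds
// ANY listed role OR ANY listed permission.

final class User
{
    /** @param array<string, string[]> $roles role name => permissions attached in the db */
    public function __construct(private array $roles) {}

    public function hasRole(string $role): bool
    {
        return array_key_exists($role, $this->roles);
    }

    public function hasPermission(string $permission): bool
    {
        foreach ($this->roles as $attached) {
            if (in_array($permission, $attached, true)) {
                return true;
            }
        }
        return false;
    }
}

// Models middleware 'permission:tools': only attached permissions count.
function permissionCheck(User $user, string $permission): int
{
    return $user->hasPermission($permission) ? 200 : 403;
}

// Models middleware 'ability:admin,tools': a role match is enough.
function abilityCheck(User $user, string $role, string $permission): int
{
    return ($user->hasRole($role) || $user->hasPermission($permission)) ? 200 : 403;
}

$users = [
    'admin'  => new User(['admin' => []]),          // admin role, no permission rows
    'editor' => new User(['editor' => ['tools']]),  // permission attached to the role
    'guest'  => new User(['guest' => []]),          // neither role nor permission
];

foreach ($users as $name => $user) {
    printf("%-6s permission:tools=%d  ability:admin,tools=%d\n",
        $name, permissionCheck($user, 'tools'), abilityCheck($user, 'admin', 'tools'));
}
```

Because the role match alone is sufficient in this model, every route that should admit admins needs `admin` listed explicitly, and any route that lists it admits all admins regardless of the permission named.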