search

yajra / laravel-acl

Laravel ACL is a simple role, permission ACL for Laravel Framework.
https://yajrabox.com/docs/laravel-acl
MIT License
109 stars 31 forks source link

permission not working #14

Closed leandroruel closed 4 years ago

leandroruel commented 7 years ago

i think i'm doing something wrong, not sure, i searched at stackoverflow but i not find anything related to this package, so i followed the installation tutorial at documentation, and inserted a admin permission to test a user, but even after that he keep returning "You are not authorized to access this resource."

i'm using a api route resource, like this:

Route::group(['middleware' => ['auth:api', 'role:admin']], function() {
    Route::resource('users', User\UserController', ['except' => 'edit']);
});

this is my table: permissions permission-table this is my tabke: permissions_role permissions-role-table

yajra commented 7 years ago

Did you inserted the records directly on database? The packages uses cache. Try clearing it first?

php artisan cache:clear
leandroruel commented 7 years ago

yes, cleaned all, just one question, can i use this package to block a route in a api? i'm trying pass the middleware at kernell file. in the api array. is it possible with this package?

the permission can "sync" with my api endpoint?

also, i'm using laravel 5.4, and using your trait hasRole, just returns this: 

Call to undefined method Illuminate\Database\Query\Builder::canAtLeast()
yajra commented 7 years ago

I think YES, as long as the api routes are using the same User instance that implements the HasRole trait.

Are you using passport or just the standard api route? Will double check when I got the chance.

leandroruel commented 7 years ago

i'm using passport with api routes, but the method auth()->user()->hasRole() give that error i show above. keep me updated if you figure out something wrong, or release a fix.

Your package has the best docs, would be great some example test files to make it more complete too and to study more the package.

And if it help you, i'm checking the roles and permissions in a custom middleware using your package, then i'm passing it to the api array.

Kernel.php

 protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        'cors',
        'checkRole',
        ],
    ];
yajra commented 4 years ago

Please open a new ticket if needed. Thanks!