Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission inheritance issue when working with roles. #168

Open
QuentinPetel opened this issue Nov 15, 2016 · 0 comments
Open

Permission inheritance issue when working with roles. #168

QuentinPetel opened this issue Nov 15, 2016 · 0 comments

Comments

@QuentinPetel
Copy link

QuentinPetel commented Nov 15, 2016
edited
Loading

I have the following roles on a project :

$roles = [
    ['id' => '1', 'name' => 'user',             'slug' => Str::slug('user'),            'description' => 'Membre du site.'],
    ...
    ['id' => '7', 'name' => 'admin_super',      'slug' => Str::slug('admin_super'),     'description' => 'Super administrateur.']
];

with the following permissions :

...
[   'id'    => '16',
    'name'  => 'public_room',
    'slug'  => [
        'view'      => true,
        'create'    => false,
        'update'    => false,
        'delete'    => false
        ],
    'description' => 'Autorisations concernant les conversations publiques.'
],
[   'id'    => '17',
    'name'  => 'public_room.manager',
    'slug'  => [
        'view'      => true,
        'create'    => true,
        'update'    => true,
        'delete'    => true
        ],
    'inherit_id' => '16',
    'description' => 'Autorisations concernant les conversations publiques. (privilèges administrateur).'
],
...

$roleUser = Role::where('slug', '=', Str::slug('user'))->first();
$roleUser->assignPermission([
    ...
    'public_room',
    ...
]);

$roleSuperAdmin = Role::where('slug', '=', Str::slug('admin_super'))->first();
$roleSuperAdmin->assignPermission([
    ...
    'public_room.manager',
    ...
]);

But for an user with this two roles, i get the followings permissions with $user->getPermissions() :

{
   "public_room":
   {
     "view":true,
     "create":false,
     "update":false,
     "delete":false
   }
}

whereas of :

{
   "public_room":
   {
     "view":true,
     "create":true,
     "update":true,
     "delete":true
   }
}

This is because of those lines in HasPermission.php :

// permissions based on role.
// more permissive permission wins
// if user has multiple roles we keep
// true values.
foreach ($this->roles as $role) {
    foreach ($role->getPermissions() as $slug => $array) {
        if ( array_key_exists($slug, $permissions) ) {
            foreach ($array as $clearance => $value) {
                **if( !array_key_exists( $clearance, $permissions[$slug] ) ) {**
                    ! $value ?: $permissions[$slug][$clearance] = true;
                }
            }
        } else {
            $permissions = array_merge($permissions, [$slug => $array]);
        }
    }
}

Because of this condition, if the key exist (view, create...), the value is never re-evaluated. So skip this line and it work just great.

foreach ($array as $clearance => $value) {
    ! $value ?: $permissions[$slug][$clearance] = true;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@QuentinPetel