laravel-acl

protect_alias slug resource route protection error

Open tylerwiegand opened this issue 9 years ago • 2 comments

So I went about protecting my user routes with the protect_alias feature. Here are my test circumstances:

Database has: A user (ID: 1), a role (ID: 1) called "admin", a permission assigned to it (name: users, slug: {"create":true, "edit":true})

Routes file has:

Route::group(['middleware' => ['auth', 'acl'], 'protect_alias' => 'users'], function () {
    Route::resource('users', 'UsersController');
});

And when I went to "/users", instead of telling me that I wasn't allowed, it gave me this:

in HasPermission.php line 122
at HandleExceptions->handleError('2', 'in_array() expects parameter 2 to be array, string given', '/home/vagrant/Sites/optimize3/vendor/kodeine/laravel-acl/src/Kodeine/Acl/Middleware/HasPermission.php', '122', array('k' => array('create', 'store'), 'v' => 'create', 'called' => 'create'))
at in_array('create', 'create') in HasPermission.php line 122
at HasPermission->Kodeine\Acl\Middleware\{closure}(array('create', 'store'), 'create')
at array_filter(array('create' => array('create', 'store'), 'store' => array('create', 'store'), 'read' => array('index', 'show'), 'view' => array('index', 'show'), 'edit' => array('edit', 'update'), 'update' => array('edit', 'update'), 'delete' => array('destroy')), object(Closure), '1') in Arr.php line 504
at Arr::where(array('create' => array('create', 'store'), 'store' => array('create', 'store'), 'read' => array('index', 'show'), 'view' => array('index', 'show'), 'edit' => array('edit', 'update'), 'update' => array('edit', 'update'), 'delete' => array('destroy')), object(Closure)) in helpers.php line 301
at array_where(array('create' => array('create', 'store'), 'store' => array('create', 'store'), 'read' => array('index', 'show'), 'view' => array('index', 'show'), 'edit' => array('edit', 'update'), 'update' => array('edit', 'update'), 'delete' => array('destroy')), object(Closure)) in HasPermission.php line 123

So naturally, I went a-lookin. Line 121-123 has these lines:

$crud = array_where($methods, function ($k, $v) use ($called) {
    return in_array($called, $v);
});

and when dumped, has this:

"Methods: "
array:7 [▼
  "create" => array:2 [▼
    0 => "create"
    1 => "store"
  ]
  "store" => array:2 [▼
    0 => "create"
    1 => "store"
  ]
  "read" => array:2 [▼
    0 => "index"
    1 => "show"
  ]
  "view" => array:2 [▼
    0 => "index"
    1 => "show"
  ]
  "edit" => array:2 [▼
    0 => "edit"
    1 => "update"
  ]
  "update" => array:2 [▼
    0 => "edit"
    1 => "update"
  ]
  "delete" => array:1 [▼
    0 => "destroy"
  ]
]
"k: "
array:2 [▼
  0 => "create"
  1 => "store"
]
"v: "
"create"
"called:"
"create"

So, knowing all that... I just decided to start messin around in there (of course). I ended up changing "return in_array($called, $v);" to "return in_array($called, $k);", and it suddenly started working as intended. As in, when I navigate a user with the admin role to /users/create, it allows it, and when I go to, say, /users, it shows "You are not authorized to access this resource."

In conclusion...I would expect MANY more people to run across this before me...so...I dunno what's goin on.

tylerwiegand Oct 10 '16 17:10

In common with many similar closure functions in Laravel 5.3, in array_where the parameter order has changed from ($key, $value) to ($value, $key):

$array = array_where($array, function ($value, $key) {
    return is_string($value);
});

https://laravel.com/docs/5.3/helpers#method-array-where

This appears to be the only appearance of this in this package.

ssssteve Oct 12 '16 12:10

Whew! Glad you knew that. Alright, so ...seems like a simple fix ...! lol

tylerwiegand Oct 12 '16 19:10
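
An added example (not code from laravel-acl or from the posters above) that reproduces the callback argument-order problem discussed in this thread and shows a permission lookup that does not depend on it. `where_key_value`, `where_value_key` and `crud_for` are hypothetical local functions, not Laravel helpers; `$methods` is copied from the dump in the issue.

```php
<?php
// Added example; $methods mirrors the dump shown in the issue.
$methods = [
    'create' => ['create', 'store'],
    'store'  => ['create', 'store'],
    'read'   => ['index', 'show'],
    'view'   => ['index', 'show'],
    'edit'   => ['edit', 'update'],
    'update' => ['edit', 'update'],
    'delete' => ['destroy'],
];

// Hypothetical stand-ins for the two callback conventions (not Laravel's array_where).
function where_key_value(array $a, callable $cb): array   // callback gets ($key, $value)
{
    return array_filter($a, fn ($v, $k) => $cb($k, $v), ARRAY_FILTER_USE_BOTH);
}
function where_value_key(array $a, callable $cb): array   // callback gets ($value, $key)
{
    return array_filter($a, $cb, ARRAY_FILTER_USE_BOTH);
}

// Hypothetical lookup with no callback, so a helper's argument order cannot change it.
function crud_for(array $methods, string $called): array
{
    $crud = [];
    foreach ($methods as $permission => $actions) {
        if (is_array($actions) && in_array($called, $actions, true)) {
            $crud[$permission] = $actions;
        }
    }
    return $crud;
}

$called = 'create';

// Same parameter names as the closure in the issue. The is_array() guard is added
// for this demo so a swapped argument is rejected instead of reaching in_array().
$closure = function ($k, $v) use ($called) {
    return is_array($v) && in_array($called, $v, true);
};

// ($key, $value) order: $v is the list of controller actions, as the closure expects.
var_dump(array_keys(where_key_value($methods, $closure)));
// ($value, $key) order: $v is now the permission name (a string), so the guard fails.
var_dump(array_keys(where_value_key($methods, $closure)));
// The explicit loop gives the same answer regardless of any helper's convention.
var_dump(array_keys(crud_for($methods, $called)));
```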