
User tags don't work when you have multiple guards

Open stuartcusackie opened this issue 1 year ago • 4 comments

Bug description

One of my projects has multiple guards like so (web is my default guard):

'guards' => [
  'web' => [
    'driver' => 'session',
    'provider' => 'users',
  ],
  'statamic' => [
    'driver' => 'session',
    'provider' => 'statamic',
  ]
],

And I check permissions in Blade like so:

Statamic::tag('user:can')->param('permission', 'edit pages entries')->fetch()

This tag defaults to the 'web' guard, and therefore there are no permissions associated with the user.

It's easy to work around without tags:

$user = auth()->guard('statamic')->user();
$result = $user->can('permission', 'edit {{ $page->collection->handle }} entries');

But I cannot figure out the next problem: I want to log out my Statamic user from a front-end toolbar, but the returned URL doesn't work because of the guard.

Statamic::tag('user:logout_url')->redirect($page->url ?? '/');

Can we get a guard option on all user tags? e.g.

Statamic::tag('user:can')->param('guard', 'statamic')->param('permission', 'edit pages entries')->fetch()
Statamic::tag('user:logout_url')->param('guard', 'statamic')->redirect($page->url ?? '/')

I could of course set the 'web' guard in config/statamic/users to 'statamic' but then that breaks Laravel's default auth directives.

This seems like a problem for both Antlers and Blade.

Thanks.

How to reproduce

Set up multiple guards as described and try to check permissions or generate logout URLs while on the front-end.

Logs

No response

Environment

Version: 4.58.2 PRO

Installation

Fresh statamic/statamic site via CLI

Additional details

No response

stuartcusackie avatar Jul 22 '24 12:07 stuartcusackie

Out of curiosity, why do you need to have separate auth guards, if you're displaying info about the currently logged in CP user on the frontend of your site?

I'm sure you have a good use case for it, just trying to understand why you're doing it that way.

duncanmcclean avatar Jul 24 '24 14:07 duncanmcclean

I want to keep our website users separate from our Statamic users. I'd much rather use core Laravel stuff and Eloquent when interacting with users and handling notifications and payments. I'm keeping the Statamic users in YAML files and the website users in a traditional database, and I need two guards to do this.

The only thing I'm showing relating to the currently logged in CP user is an admin widget. It allows for quick editing of the currently viewed page and a way to log out, without visiting the control panel. So that's why I'm interacting with two guards on the front-end. Hope that makes sense.

stuartcusackie avatar Jul 24 '24 15:07 stuartcusackie

By the way, I also tried to generate a logout URL manually, which is what the tag does:

route('statamic.logout', ['redirect' => $page->url ?? '/'])

But again this controller function doesn't accept a guard, and the link it returns attempts to log out my 'web' users.

It's not a big deal, but it would be nice if I could set the guard for Statamic tags without setting it as the default Laravel guard.

stuartcusackie avatar Jul 24 '24 15:07 stuartcusackie
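
A guard-scoped logout route for the setup described above, as an added example that is not part of the original thread and not Statamic's own code. The URI and route name are hypothetical; the `statamic` guard name is taken from the guard config in the issue, and the route is assumed to live in `routes/web.php` so the session middleware applies.

```php
<?php
// routes/web.php (added example; URI and route name are hypothetical)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

Route::post('/cp-widget/logout', function (Request $request) {
    // Log out only the 'statamic' guard. The default 'web' guard keeps
    // its own login entry in the same session and is left untouched.
    Auth::guard('statamic')->logout();

    // Both guards use the session driver and share one session, so
    // $request->session()->invalidate() would log out 'web' as well.
    // Rotating the CSRF token is enough for a single-guard logout.
    $request->session()->regenerateToken();

    // Accept only same-site paths as the redirect target, so the
    // parameter cannot send the user to another host.
    $target = $request->input('redirect');
    $isLocalPath = is_string($target)
        && str_starts_with($target, '/')
        && ! str_starts_with($target, '//')
        && ! str_contains($target, '\\');

    return redirect($isLocalPath ? $target : '/');
})->name('frontend.statamic-logout');
```

The widget would call this from a POST form that includes `@csrf` and a hidden `redirect` field, which also keeps the logout from being triggered by a plain link.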

Cool - I wondered if it might be related to some kind of admin widget. 👍

duncanmcclean avatar Jul 25 '24 09:07 duncanmcclean