thedevdojo
Unclear behaviour of $this->authorize() method after append new admin's gate into DB for custom admin page
Laravel version
7.30.4
PHP version
7.4.3
Voyager version
1.5.0
Database
MySQL 8.0.25
Description
There are dummy gate's values are used to check admin permissions with $this->authorize() method at src/VoyagerServiceProvider.php:46, like 'browse_admin', 'browse_bread'...
Is there are managable way to take these values from database table 'permissions' with query 'where table_name is NULL ' ?
Or what is correct way to append gate for custom admin page, like '/admin/some/custom/page' ?
Steps to reproduce
- add new row to table 'permissions' with key='browse_somepage'
- add $this->authorize('browse_somepage') at the top of some 'custom' method app\Http\Controllers\SomeController.php
- add new route to the controller method at routes/web.php like Route::get('some/page', 'SomeController@custom');
Expected behavior
Code should continue execution after call $this->authorize('browse_somepage') and not being restricted with 403 error
Screenshots
No response
Additional context
No response
I found temporary replacement for method 'authorize':
if(!\Auth::user()->hasPermission('browse_somepage'))
abort(403);
But still hope authorize method can be fixed
There's nothing wrong with the authorize method. You're just missing a step. The authorize method (along with @can in the views and a few others) are Authorization mechanisms provided by Laravel, whereas the permissions table is provided by Voyager and Laravel's auth system knows nothing about it.
Voyager registers gates in VoyagerServiceProvider for each of those, as well as registering policy classes for each BREAD type. So you simply need to add a gate for your custom permission, much like Voyager does
