voyager icon indicating copy to clipboard operation
voyager copied to clipboard

Unclear behaviour of $this->authorize() method after append new admin's gate into DB for custom admin page

Open almakano opened this issue 4 years ago • 2 comments

Laravel version

7.30.4

PHP version

7.4.3

Voyager version

1.5.0

Database

MySQL 8.0.25

Description

There are dummy gate's values are used to check admin permissions with $this->authorize() method at src/VoyagerServiceProvider.php:46, like 'browse_admin', 'browse_bread'...

Is there are managable way to take these values from database table 'permissions' with query 'where table_name is NULL ' ?

Or what is correct way to append gate for custom admin page, like '/admin/some/custom/page' ?

Steps to reproduce

  1. add new row to table 'permissions' with key='browse_somepage'
  2. add $this->authorize('browse_somepage') at the top of some 'custom' method app\Http\Controllers\SomeController.php
  3. add new route to the controller method at routes/web.php like Route::get('some/page', 'SomeController@custom');

Expected behavior

Code should continue execution after call $this->authorize('browse_somepage') and not being restricted with 403 error

Screenshots

No response

Additional context

No response

almakano avatar Dec 28 '21 00:12 almakano

I found temporary replacement for method 'authorize':

if(!\Auth::user()->hasPermission('browse_somepage'))
	abort(403);

But still hope authorize method can be fixed

almakano avatar Dec 28 '21 14:12 almakano

There's nothing wrong with the authorize method. You're just missing a step. The authorize method (along with @can in the views and a few others) are Authorization mechanisms provided by Laravel, whereas the permissions table is provided by Voyager and Laravel's auth system knows nothing about it.

Voyager registers gates in VoyagerServiceProvider for each of those, as well as registering policy classes for each BREAD type. So you simply need to add a gate for your custom permission, much like Voyager does

fletch3555 avatar Dec 28 '21 15:12 fletch3555