From 0e9000308723bae3c70935f9f26b6b274c4c593a Mon Sep 17 00:00:00 2001
From: Eleazar Resendez
Date: Mon, 11 Mar 2024 15:05:24 -0600
Subject: [PATCH 1/2] Add check for empty projects array

---
 ProcessMaker/Providers/AuthServiceProvider.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ProcessMaker/Providers/AuthServiceProvider.php b/ProcessMaker/Providers/AuthServiceProvider.php
index 0d87b7b240..8c7484d635 100644
--- a/ProcessMaker/Providers/AuthServiceProvider.php
+++ b/ProcessMaker/Providers/AuthServiceProvider.php
@@ -77,6 +77,11 @@ public function boot()
 $projects = $this->getProjectsForUser($user->id);
+ // If the user has no projects, return false.
+ if (empty($projects)) {
+ return false;
+ }
+
 // Check if the user has 'create-projects' permission and the request is from specific endpoints
 // Users that ONLY have 'create-projects' permission are allowed to access specific endpoints
 $isAllowedEndpoint = $this->checkAllowedEndpoints($projects, request()->path());

From a97b7d1cbade8258036fbfaaae7ace64b9343afb Mon Sep 17 00:00:00 2001
From: Eleazar Resendez
Date: Mon, 11 Mar 2024 15:08:00 -0600
Subject: [PATCH 2/2] Fix sonarlint issues

---
 ProcessMaker/Providers/AuthServiceProvider.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/ProcessMaker/Providers/AuthServiceProvider.php b/ProcessMaker/Providers/AuthServiceProvider.php
index 8c7484d635..b69f07cbd7 100644
--- a/ProcessMaker/Providers/AuthServiceProvider.php
+++ b/ProcessMaker/Providers/AuthServiceProvider.php
@@ -63,6 +63,9 @@ public function boot()
 if ($user->is_administrator) {
 return true;
 }
+
+ // Let other policies handle the request.
+ return null;
 });
 try {
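Review bot: `empty($projects)` only detects an empty array; if `getProjectsForUser()` returns a Collection or any other object, `empty()` is always false and the new guard never fires, so the check is only as strong as that helper's return type, which is outside the hunk. `count($projects) === 0` works for both arrays and Countable objects (or `$projects->isEmpty()` if it is known to be a Collection), and the comment could say what the guard decides rather than restating the code, e.g. `// No project membership means no project-scoped access to this ability.`. The enclosing Gate::define callback starts and ends outside this hunk.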
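Review bot: The new comment says other policies handle the request, but what follows in `boot()` are per-permission `Gate::define` callbacks (visible in the next hunk) rather than Policy classes, so `// Non-administrators fall through to the permission gates defined below.` describes the fall-through more precisely. Declaring the closure's return type as `?bool` would also make the explicit `return null;` part of the contract instead of a lint fix. The closure's head is outside this hunk, so whether it is registered via Gate::before cannot be confirmed from here.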
@@ -70,14 +73,15 @@ public function boot()
 // Define the Gate permissions
 $permissions->each(function ($permission) {
 Gate::define($permission->name, function (User $user, ...$params) use ($permission) {
+ $authorized = false;
+
 // Check if the user has the permission
 if ($user->hasPermission($permission->name)) {
 return true;
 }
- $projects = $this->getProjectsForUser($user->id);
- // If the user has no projects, return false.
+ $projects = $this->getProjectsForUser($user->id);
 if (empty($projects)) {
 return false;
 }
@@ -85,12 +89,11 @@ public function boot()
 // Check if the user has 'create-projects' permission and the request is from specific endpoints
 // Users that ONLY have 'create-projects' permission are allowed to access specific endpoints
 $isAllowedEndpoint = $this->checkAllowedEndpoints($projects, request()->path());
-
 if ($user->hasPermission('create-projects') && $isAllowedEndpoint) {
- return $this->isProjectAsset($permission, $params);
+ $authorized = $this->isProjectAsset($permission, $params);
 }
- return false;
+ return $authorized;
 });
 });
 } catch (\Exception $e) {
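Review bot: `$authorized = false;` at the top of the Gate::define callback is meant to give it a single exit, but the callback still returns early with `return true;` and `return false;` a few lines later, so on those paths the variable is dead and the reader has to track two conventions; the same applies to the assignment and `return $authorized;` in the next hunk (`@@ -85,12 +89,11`). Either keep early returns throughout and drop the variable, so the next hunk ends with `return $user->hasPermission('create-projects') && $isAllowedEndpoint && $this->isProjectAsset($permission, $params);` (assuming isProjectAsset returns a bool, which is not visible here), or declare `$authorized` directly above the `if` that assigns it. The Gate::define callback opens in this hunk and closes in the next one.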