From af6d489d91c7385aa2c678f4f5bcbe1716db84d5 Mon Sep 17 00:00:00 2001 From: Holger Schmermbeck Date: Sun, 9 Nov 2025 20:52:09 +0100 Subject: [PATCH] fix(tests): migrate permission system from web to sanctum guard - Update RoleApiTest.php: Add guard_name='sanctum' to all Permission and Role creation - Update PersonApiTest.php: Change guard_name from 'web' to 'sanctum' - Add $guard_name='sanctum' property to User model with PHPDoc type hint - Resolves guard mismatch causing 403 Forbidden errors in permission checks - All 207 tests passing (623 assertions) Fixes #126 Fixes #127 Fixes #128 Fixes #129 Part of: #125 --- CHANGELOG.md | 9 +++++++++ app/Models/User.php | 8 ++++++++ tests/Feature/PersonApiTest.php | 4 ++-- tests/Feature/RoleApiTest.php | 8 ++++---- 4 files changed, 23 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index df5a40b..2b63553 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed + +- **Permission System Guard Migration** - Migrated from 'web' to 'sanctum' guard (#126, #127, #128, #129) + - Fixed `RoleApiTest.php` - Added explicit `guard_name='sanctum'` to all Permission and Role creation + - Fixed `PersonApiTest.php` - Changed `guard_name` from 'web' to 'sanctum' for person permissions + - Added `$guard_name = 'sanctum'` property to User model for Spatie Laravel-Permission + - Resolves 403 Forbidden errors caused by guard mismatch between sanctum authentication and web permissions + - All 40 tests now passing (146 assertions) + ### Added - **Git Conflict Marker Detection** - Automated check for unresolved merge conflicts diff --git a/app/Models/User.php b/app/Models/User.php index 74337aa..050618c 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -19,6 +19,14 @@ class User extends Authenticatable /** @use HasFactory<\Database\Factories\UserFactory> */ use HasApiTokens, HasFactory, HasRoles, Notifiable; + /** + * The guard name for Spatie Laravel-Permission. + * Must match the authentication guard used in routes (sanctum). + * + * @var string + */ + protected $guard_name = 'sanctum'; + /** * The attributes that are mass assignable. * diff --git a/tests/Feature/PersonApiTest.php b/tests/Feature/PersonApiTest.php index 880cae7..7bb87cb 100644 --- a/tests/Feature/PersonApiTest.php +++ b/tests/Feature/PersonApiTest.php @@ -28,8 +28,8 @@ $this->token = $this->user->createToken('test-device')->plainTextToken; // Create global permissions (not team-scoped for this test) - Permission::create(['name' => 'person.write', 'guard_name' => 'web']); - Permission::create(['name' => 'person.read', 'guard_name' => 'web']); + Permission::create(['name' => 'person.write', 'guard_name' => 'sanctum']); + Permission::create(['name' => 'person.read', 'guard_name' => 'sanctum']); }); afterEach(function (): void { diff --git a/tests/Feature/RoleApiTest.php b/tests/Feature/RoleApiTest.php index 9b76561..421c5e2 100644 --- a/tests/Feature/RoleApiTest.php +++ b/tests/Feature/RoleApiTest.php @@ -35,12 +35,12 @@ $this->targetUser = User::factory()->create(); // Create test role - $this->role = Role::create(['name' => 'manager']); + $this->role = Role::create(['name' => 'manager', 'guard_name' => 'sanctum']); // Create permissions (global, not team-scoped) - Permission::create(['name' => 'role.assign']); - Permission::create(['name' => 'role.revoke']); - Permission::create(['name' => 'role.read']); + Permission::create(['name' => 'role.assign', 'guard_name' => 'sanctum']); + Permission::create(['name' => 'role.revoke', 'guard_name' => 'sanctum']); + Permission::create(['name' => 'role.read', 'guard_name' => 'sanctum']); }); afterEach(function (): void {