Question about LaratrustUserTrait::can #7

Closed
KKSzymanowski opened this issue Jun 15, 2016 · 5 comments

@KKSzymanowski
Collaborator

KKSzymanowski commented Jun 15, 2016

UPDATE: Probably the same question for hasRole()

I was wondering, shouldn't $user->can([]) return true when user has no permissions?

Example:
We have some collection of Things. Every one of the Things requires one from a set of permissions to access. Some of them don't require any permissions to access.
When a User doesn't have any permissions, he should still access the Thing that requires no permissions.

With the current algorithm, in the previously mentioned case the User is forbidden to do that, because we return $requireAll, which is false.

@KKSzymanowski
Collaborator Author

KKSzymanowski commented Jun 15, 2016

If my train of thought is correct, to fix it all that needs to be done is

if (is_array($permission)) {

    // --- BEGIN CHANGES ---
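    // The argument is named $permission; empty() on the undefined
    // $permissions is always true and would allow every array check.
    if (empty($permission)) {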
        return true;
    }
    // --- END CHANGES ---

    foreach ($permission as $permName) {
        $hasPerm = $this->can($permName);

        if ($hasPerm && !$requireAll) {
            return true;
        } elseif (!$hasPerm && $requireAll) {
            return false;
        }
    }

    // If we've made it this far and $requireAll is FALSE, then NONE of the perms were found
    // If we've made it this far and $requireAll is TRUE, then ALL of the perms were found.
    // Return the value of $requireAll;
    return $requireAll;
}

in LaratrustUserTrait::can()

@santigarcor
Owner

But why would you do something like this: $user->can([])?

@KKSzymanowski
Collaborator Author

KKSzymanowski commented Jun 15, 2016

I don't have a good example, but let's give it a try:
Suppose we have rooms with multiple doors. A person has access to a room when he has a key to at least one of its doors. Some rooms can have doors that can't be locked so everyone can access this room.
To find out if a person can access a specific room, we would call:

$person->hasKey($room->requiredKeys);

If a room has no lockable doors, the $room->requiredKeys would return [] so we would in fact call $person->hasKey([]);.

Back to reality: We can have a system which works as described above, and a set of required permissions (or roles) can be empty, so we would do user->can([]) (or user->hasRole([])) in some of the cases.

I hope I'm talking sense.

@santigarcor
Owner

@KKSzymanowski I got your point. I'll change that

santigarcor added a commit that referenced this issue Jun 16, 2016
If we check empty roles or empty permissions it returns true
@santigarcor
Owner

a3fadd3 solves this
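
The behaviour discussed in this thread, as an added example that is not part of the original comments and is not Laratrust's own code: a stand-alone model of the array branch of can() before and after the proposed change. The names canBefore, canAfter and mayAccess, the $held list and the permission name 'edit-post' are constructed for illustration; the mayAccess guard goes beyond the thread and shows one way a caller can keep "no requirements" distinct from "requirements unknown" once an empty list grants access.

```php
<?php
// Added example: stand-alone model of the array branch discussed above.
// $held is a constructed list of the permission names a user holds.

function canBefore(array $held, $permission, bool $requireAll = false): bool
{
    if (!is_array($permission)) {
        return in_array($permission, $held, true);
    }
    foreach ($permission as $permName) {
        $hasPerm = canBefore($held, $permName);
        if ($hasPerm && !$requireAll) {
            return true;
        } elseif (!$hasPerm && $requireAll) {
            return false;
        }
    }
    return $requireAll; // an empty list skips the loop and lands here
}

function canAfter(array $held, $permission, bool $requireAll = false): bool
{
    if (is_array($permission) && empty($permission)) {
        return true; // nothing required, so allow for either $requireAll value
    }
    return canBefore($held, $permission, $requireAll);
}

// Hypothetical caller-side guard: null means "requirements unknown" and is
// denied, so only an explicit [] opens the resource.
function mayAccess(array $held, ?array $required): bool
{
    return $required !== null && canAfter($held, $required);
}

$noPerms = []; // constructed user with no permissions
var_dump(canBefore($noPerms, [], false));           // the case raised in the issue
var_dump(canBefore($noPerms, [], true));            // same input, other $requireAll
var_dump(canAfter($noPerms, [], false));            // empty requirement after the change
var_dump(canAfter($noPerms, ['edit-post'], false)); // a real requirement still applies
var_dump(mayAccess($noPerms, null));                // unknown requirements
var_dump(mayAccess($noPerms, []));                  // explicitly unrestricted
```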
