Merge pull request #2382 from erikn69/patch-18

[v6] getPermissionsViaRoles, hasPermissionViaRole must be used only by authenticable
spatie · Mar 30, 2023 · b9d3013 · b9d3013
2 parents 56c068b + 29ec9ec
commit b9d3013
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/src/Traits/HasPermissions.php b/src/Traits/HasPermissions.php
@@ -22,7 +22,7 @@ trait HasPermissions
     /** @var string */
     private $permissionClass;
 
-    /** @var string */
+    /** @var string|false|null */
     private $wildcardClass;
 
     public static function bootHasPermissions()
@@ -61,7 +61,7 @@ protected function getWildcardClass()
 
         $this->wildcardClass = false;
 
-        if (config('permission.enable_wildcard_permission', false)) {
+        if (config('permission.enable_wildcard_permission')) {
             $this->wildcardClass = config('permission.wildcard_permission', WildcardPermission::class);
 
             if (! is_subclass_of($this->wildcardClass, Wildcard::class)) {
@@ -101,7 +101,7 @@ public function scopePermission(Builder $query, $permissions): Builder
     {
         $permissions = $this->convertToPermissionModels($permissions);
 
-        $rolesWithPermissions = array_unique(array_reduce($permissions, function ($result, $permission) {
+        $rolesWithPermissions = is_a($this, Role::class) ? []: array_unique(array_reduce($permissions, function ($result, $permission) {
             return array_merge($result, $permission->roles->all());
         }, []));
 
@@ -111,7 +111,7 @@ public function scopePermission(Builder $query, $permissions): Builder
                 $key = (new $permissionClass())->getKeyName();
                 $subQuery->whereIn(config('permission.table_names.permissions').".$key", \array_column($permissions, $key));
             });
-            if (count($rolesWithPermissions) > 0) {
+            if (count($rolesWithPermissions) > 0 && ! is_a($this, Role::class)) {
                 $query->orWhereHas('roles', function (Builder $subQuery) use ($rolesWithPermissions) {
                     $roleClass = $this->getRoleClass();
                     $key = (new $roleClass())->getKeyName();
@@ -287,6 +287,10 @@ public function hasAllPermissions(...$permissions): bool
      */
     protected function hasPermissionViaRole(Permission $permission): bool
     {
+        if (is_a($this, Role::class)) {
+            return false;
+        }
+
         return $this->hasRole($permission->roles);
     }
 
@@ -309,6 +313,10 @@ public function hasDirectPermission($permission): bool
      */
     public function getPermissionsViaRoles(): Collection
     {
+        if (is_a($this, Role::class) || is_a($this, Permission::class)) {
+            return collect();
+        }
+
         return $this->loadMissing('roles', 'roles.permissions')
             ->roles->flatMap(function ($role) {
                 return $role->permissions;