
Constructor throws User doesn't have the right permissions but login via passport works okay. #2554

Closed
mohanad69 opened this issue Nov 13, 2023 · 12 comments

Comments

@mohanad69

After seeding permissions, seeding roles and giving permissions to them, adding a new user and assigning a role, I found the following:
1- The login response returns all permissions correctly.
2- When trying to add the middleware in the constructor, it gives me "User doesn't have the right permissions".

@parallels999
Contributor

maybe wrong guard

@drbyte
Collaborator

drbyte commented Nov 14, 2023

Yes, I'd be checking what guard the user is connected with.
What middleware is on the route to that controller?

Also, as a troubleshooting tool you could enable the detailed output of the exception, via the config file:

/*
* When set to true, the required permission names are added to exception messages.
* This could be considered an information leak in some contexts, so the default
* setting is false here for optimum safety.
*/
'display_permission_in_exception' => false,

@mohanad69
Author

mohanad69 commented Nov 15, 2023 via email

@mohanad69
Author

mohanad69 commented Nov 15, 2023

I am using guards like below:

 'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

My route middleware is auth:api, like below:

Route::group(['middleware' => 'auth:api'], function () {
    Route::resource('subscriptionTypes', SubscriptionTypeController::class);
});

@parallels999
Contributor

https://spatie.be/docs/laravel-permission/v6/basic-usage/middleware#content-middleware-via-routes
$this->middleware(['get_permission:subscription_types,api']);

@mohanad69
Author

I don't need to use the permission middleware in the route. I want to use it in the controller constructor.

@parallels999
Contributor

It seems like you're very lost, that's what I wrote.

$this->middleware(['get_permission:subscription_types,api']);

@mohanad69
Author

mohanad69 commented Nov 15, 2023

I am using api routes, so the middleware should be auth:api. All permissions are loaded with the user response, but while using these permissions in the controller constructor it gives me the error mentioned above in the comments.

{
"user": {
"id": 1,
"name": "admin",
"email": "admin@admin.com",
"email_verified_at": null,
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"deleted_at": null,
"roles": [
{
"id": 1,
"name": "admin",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"role_id": 1
}
}
],
"permissions": [
{
"id": 1,
"name": "get_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 1
}
},
{
"id": 2,
"name": "add_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 2
}
},
{
"id": 3,
"name": "edit_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 3
}
},
{
"id": 4,
"name": "delete_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 4
}
},
{
"id": 5,
"name": "get_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 5
}
},
{
"id": 6,
"name": "add_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 6
}
},
{
"id": 7,
"name": "edit_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 7
}
},
{
"id": 8,
"name": "delete_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 8
}
},
{
"id": 9,
"name": "get_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 9
}
},
{
"id": 10,
"name": "add_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 10
}
},
{
"id": 11,
"name": "edit_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 11
}
},
{
"id": 12,
"name": "delete_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 12
}
},
{
"id": 13,
"name": "get_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 13
}
},
{
"id": 14,
"name": "add_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 14
}
},
{
"id": 15,
"name": "edit_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 15
}
},
{
"id": 16,
"name": "delete_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 16
}
}
]
},
"type": "Bearer",
"role": [
"admin"
],
"permissions": [
{
"id": 1,
"name": "get_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 1
}
},
{
"id": 2,
"name": "add_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 2
}
},
{
"id": 3,
"name": "edit_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 3
}
},
{
"id": 4,
"name": "delete_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 4
}
},
{
"id": 5,
"name": "get_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 5
}
},
{
"id": 6,
"name": "add_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 6
}
},
{
"id": 7,
"name": "edit_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 7
}
},
{
"id": 8,
"name": "delete_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 8
}
},
{
"id": 9,
"name": "get_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 9
}
},
{
"id": 10,
"name": "add_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 10
}
},
{
"id": 11,
"name": "edit_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 11
}
},
{
"id": 12,
"name": "delete_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 12
}
},
{
"id": 13,
"name": "get_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 13
}
},
{
"id": 14,
"name": "add_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 14
}
},
{
"id": 15,
"name": "edit_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 15
}
},
{
"id": 16,
"name": "delete_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 16
}
}
]
}

@parallels999
Contributor

maybe wrong guard

Confirmed

@mohanad69
Author

mohanad69 commented Nov 15, 2023

Here are my guards in config/auth.php:

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

@drbyte
Collaborator

drbyte commented Nov 15, 2023

I am using api routes, so the middleware should be auth:api. All permissions are loaded with the user response, but while using these permissions in the controller constructor it gives me the error mentioned above in the comments.

Okay, so your app requires users to login with a username via the api guard. And passport is handling that authentication. Great.

But then your user is logged in with the api guard. But all your permissions are assigned to the web guard. Therefore your users who are connected via api will never be able to experience the permissions defined only for web users.

Simplest solution: use only 1 guard in your application: delete the web guard from config/auth.php and change all your permissions/roles from 'web' to 'api'.

@mohanad69
Author

mohanad69 commented Nov 15, 2023

You are right. The solution is:
1- Add protected $guard_name = "api"; in the user model.
2- Add guard name = 'api' in the role seeder.
3- Add the guard to config auth.php.
4- Add guard name = 'api' in the permission seeder.
It worked for me, thanks.
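
The guard mismatch diagnosed above and the fix steps listed in the last comment, as an added example that is not code from the thread or from the package: roles and permissions are seeded under the same guard that `auth:api` authenticates with, and the controller constructor checks against that guard. The seeder class name `ApiPermissionSeeder`, the `only()` action list and the user id are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Both classes are shown in one listing
// for brevity; in a Laravel app they live in their usual separate files.

use App\Models\User;
use Illuminate\Database\Seeder;
use Illuminate\Routing\Controller;
use Spatie\Permission\Middleware\PermissionMiddleware;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
use Spatie\Permission\PermissionRegistrar;

class ApiPermissionSeeder extends Seeder // hypothetical seeder name
{
    public function run(): void
    {
        // Drop the cached permission list so the new rows are seen immediately.
        app(PermissionRegistrar::class)->forgetCachedPermissions();

        // Must match the guard named in the 'auth:api' route middleware.
        $guard = 'api';

        $role = Role::findOrCreate('admin', $guard);
        foreach (['get', 'add', 'edit', 'delete'] as $action) {
            $role->givePermissionTo(
                Permission::findOrCreate("{$action}_subscription_types", $guard)
            );
        }

        // Assumption: the admin user from the login response (id 1) exists and
        // the User model declares: protected $guard_name = 'api';
        User::findOrFail(1)->assignRole($role);
    }
}

class SubscriptionTypeController extends Controller
{
    public function __construct()
    {
        // The second middleware parameter is the guard whose permissions are
        // checked; with rows stored under 'web' this check fails for API users.
        $this->middleware(PermissionMiddleware::class . ':get_subscription_types,api')
            ->only(['index', 'show']); // assumed action list
    }
}
```

Rows created earlier under `guard_name = 'web'` are separate records and are not matched by this check; they need to be re-seeded or updated to `api`.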

@drbyte drbyte changed the title Laravel 10 Controller Construct Middleware Issue Constructor throws User doesn't have the right permissions but login via passport works okay. Nov 15, 2023
@drbyte drbyte closed this as completed Nov 15, 2023