From a7459625cee7d0e2af59335ebbfb716f62096a04 Mon Sep 17 00:00:00 2001 From: Santiago Garcia Date: Mon, 17 Apr 2023 09:44:41 -0500 Subject: [PATCH] Allow giving the gate permissions teams and require all parameters --- src/LaratrustServiceProvider.php | 12 +++++++-- .../User/CanAbilityDefaultCheckerTest.php | 26 ------------------- ...CheckerTestCase.php => CanCheckerTest.php} | 22 +++++++++++++--- 3 files changed, 28 insertions(+), 32 deletions(-) delete mode 100644 tests/Checkers/User/CanAbilityDefaultCheckerTest.php rename tests/Checkers/User/{CanCheckerTestCase.php => CanCheckerTest.php} (74%) diff --git a/src/LaratrustServiceProvider.php b/src/LaratrustServiceProvider.php index 627e1f74..6686b7d2 100644 --- a/src/LaratrustServiceProvider.php +++ b/src/LaratrustServiceProvider.php @@ -7,6 +7,7 @@ use Illuminate\Contracts\Auth\Access\Authorizable; use Illuminate\Contracts\Auth\Access\Gate; use Illuminate\Database\Eloquent\Relations\Relation; +use Illuminate\Support\Collection; use Illuminate\Support\Facades\Blade; use Illuminate\Support\Facades\Route; use Illuminate\Support\ServiceProvider; @@ -162,9 +163,16 @@ protected function registerPermissionsToGate() return; } - app(Gate::class)->before(function (Authorizable $user, mixed $ability) { + app(Gate::class)->before(function (Authorizable $user, mixed $ability, $attributes) { if (method_exists($user, 'hasPermission')) { - return $user->hasPermission($ability) ?: null; + $team = Collection::make($attributes) + ->filter(fn ($attr) => ! is_bool($attr)) + ->first(); + $requireAll = Collection::make($attributes) + ->filter(fn ($attr) => is_bool($attr)) + ->first() || false; + + return $user->hasPermission($ability, $team, $requireAll) ?: null; } }); } diff --git a/tests/Checkers/User/CanAbilityDefaultCheckerTest.php b/tests/Checkers/User/CanAbilityDefaultCheckerTest.php deleted file mode 100644 index ea807ac8..00000000 --- a/tests/Checkers/User/CanAbilityDefaultCheckerTest.php +++ /dev/null @@ -1,26 +0,0 @@ -set('laratrust.checker', 'default'); - $app['config']->set('laratrust.permissions_as_gates', true); - } - - public function testCanShouldReturnBoolean() - { - $this->canShouldReturnBooleanAssertions(); - } -} diff --git a/tests/Checkers/User/CanCheckerTestCase.php b/tests/Checkers/User/CanCheckerTest.php similarity index 74% rename from tests/Checkers/User/CanCheckerTestCase.php rename to tests/Checkers/User/CanCheckerTest.php index ab52be1e..017784b8 100644 --- a/tests/Checkers/User/CanCheckerTestCase.php +++ b/tests/Checkers/User/CanCheckerTest.php @@ -8,9 +8,10 @@ use Laratrust\Tests\LaratrustTestCase; use Laratrust\Tests\Models\Permission; use Laratrust\Tests\Models\Role; +use Laratrust\Tests\Models\Team; use Laratrust\Tests\Models\User; -abstract class CanCheckerTestCase extends LaratrustTestCase +class CanCheckerTest extends LaratrustTestCase { protected $user; @@ -19,7 +20,7 @@ protected function setUp(): void parent::setUp(); $this->migrate(); - + Team::create(['name' => 'team_a']); $permissionA = Permission::create(['name' => 'permission_a']); $permissionB = Permission::create(['name' => 'permission_b']); @@ -31,7 +32,16 @@ protected function setUp(): void $this->user->addRole($role); } - protected function canShouldReturnBooleanAssertions() + protected function getEnvironmentSetUp($app) + { + parent::getEnvironmentSetUp($app); + + $app['config']->set('laratrust.teams.enabled', true); + $app['config']->set('laratrust.checker', 'default'); + $app['config']->set('laratrust.permissions_as_gates', true); + } + + public function testCanShouldReturnBoolean() { /* |------------------------------------------------------------ @@ -41,10 +51,14 @@ protected function canShouldReturnBooleanAssertions() // Case: User has everything. $this->assertTrue( $this->user->can( - [EnumsPermission::PERM_A, 'permission_b'] + [EnumsPermission::PERM_A->value, 'permission_b'] ) ); + $this->assertFalse( + $this->user->can(EnumsPermission::PERM_A->value, ['team_a']) + ); + // Case: User lacks a permission. if (method_exists($this->user, 'canAny')) { $this->assertTrue(