I'm currently trying to get some ACL to work, but it doesn't work the way I want it to.
The idea was to set up a "4-eyes principle" for my application.
It never passes as "allowed" and always jumps into false, no matter what I do.
I tried `dd(strtolower(Auth::user()->getAuthIdentifier()) == $order->creator)`
and it showed me true, which was right since I was logged on with the same user.
But the policies always return false, even with something like `return 1 == 1`
...
I've followed the upgrade guide and did all the steps for using ACL.
My AuthServiceProvider looks like this:
```php
protected $policies = [
    'App\Http\Models\Order' => 'App\Policies\OrderPolicy',
];
```
OrderPolicy:
```php
namespace App\Policies;

use App\Http\Models\Order;
use Krenor\LdapAuth\Objects\LdapUser as User;

class OrderPolicy
{
    // Four-eyes rule: the user updating the order must not be its creator.
    public function update(User $user, Order $order)
    {
        return strtolower($user->getAuthIdentifier()) !== $order->creator;
    }
}
```
The controller with the gate:
```php
public function update(Request $request, $id)
{
    $order = Order::find($id);

    if ($request->user()->can('update', $order)) {
        abort(418, 'Allowed. Also, I\'m a Teapot.');
    } else {
        abort(403, 'Denied!');
    }
}
```
My custom-made user class looks like this:
```php
namespace Krenor\LdapAuth\Objects;

use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Foundation\Auth\Access\Authorizable;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;

class LdapUser implements Authenticatable, AuthorizableContract
{
    use Authorizable;

    /**
     * @var string $samaccountname
     */
    protected $samaccountname;

    // ...

    /**
     * Get the unique identifier for the user.
     *
     * @return mixed
     */
    public function getAuthIdentifier()
    {
        return $this->samaccountname;
    }
}
```
via Chebli Mohamed
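As an added example (not from the post above or the Krenor\LdapAuth package), here is the four-eyes OrderPolicy written so that the deny path is explicit: an empty identifier or a missing creator can never evaluate to "allowed", and the account-name comparison is case-insensitive instead of depending on how the creator was stored. It assumes the class names used in the post and Laravel 5.1's policy API.

```php
<?php

namespace App\Policies;

use App\Http\Models\Order;
use Krenor\LdapAuth\Objects\LdapUser as User;

class OrderPolicy
{
    /**
     * Four-eyes rule: a user may update an order only if somebody else
     * created it. Fail closed when either side of the comparison is
     * missing, so a null creator or an empty LDAP identifier does not
     * slip through as "not equal, therefore allowed".
     *
     * @param  User  $user   the authenticated LDAP user (assumed class name)
     * @param  Order $order  the order being updated (assumed class name)
     * @return bool
     */
    public function update(User $user, Order $order)
    {
        $actor   = $user->getAuthIdentifier();
        $creator = $order->creator;

        if ($actor === null || $actor === '' || $creator === null || $creator === '') {
            return false; // deny by default when we cannot tell who did what
        }

        // sAMAccountName values are not case sensitive in Active Directory,
        // so normalise both sides rather than relying on strtolower() having
        // been applied when the creator was saved.
        return strcasecmp($actor, $creator) !== 0;
    }
}
```

In the controller, `Order::findOrFail($id)` turns a missing order into a 404 before the policy is consulted, and `$this->authorize('update', $order)` (available on Laravel 5.1 controllers) raises the 403 for you instead of the manual `can()`/`abort()` pair.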