Tuesday, 6 October 2015

Laravel 5.1.11 - ACL Policies not working as intended

I'm currently trying to get some ACL to work, but it doesn't work the way I want it to.
The idea was to set up a "4-eyes principle" for my application.
It never passes as "allowed" and always jumps into false, no matter what I do.
I tried dd( strtolower(Auth::user()->getAuthIdentifier() ) == $order->creator) and it showed me true, which was right since I was logged on with the same user.
But the policies always return false, even with something like return 1 == 1 ...

I've followed the upgrade guide and did all the steps for using ACL.

My AuthServiceProvider looks like this:

protected $policies = [
  'App\Http\Models\Order' => 'App\Policies\OrderPolicy',
];

OrderPolicy:

<?php
namespace App\Policies;

use App\Http\Models\Order;
use Krenor\LdapAuth\Objects\LdapUser as User;

class OrderPolicy
{
    public function update(User $user, Order $order)
    {
        return strtolower( $user->getAuthIdentifier() ) !== $order->creator;
    }

}

The controller with the gate:

public function update(Request $request, $id)
{
    $order = Order::find($id);

    if($request->user()->can('update', $order)){
        abort(418, 'Allowed. Also, I\'m a Teapot.');
    }
    else {
        abort(403, 'Denied!');
    }
}

My custom made user class looks like this:

namespace Krenor\LdapAuth\Objects;

use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Foundation\Auth\Access\Authorizable;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;

class LdapUser implements Authenticatable, AuthorizableContract
{
    use Authorizable;

    /**
     * @var string $samaccountname
     */
    protected $samaccountname;

    // ...

    /**
     * Get the unique identifier for the user.
     *
     * @return mixed
     */
    public function getAuthIdentifier()
    {
        return $this->samaccountname;
    }
}



via Chebli Mohamed
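A framework-independent sketch of the four-eyes rule that the policy in the post is meant to express, added here as an example and not part of the original post or of Laravel. The function name `canApprove` and the sample accounts are hypothetical; it normalises both identifiers and denies when either one is missing.

```php
<?php
// Added example. canApprove() and the sample accounts are hypothetical.

/**
 * Four-eyes check: a user may update an order only if they are NOT
 * the user who created it. Fails closed when data is missing.
 */
function canApprove(?string $userId, ?string $creator): bool
{
    // A missing identity must never look like "a different person".
    if ($userId === null || $creator === null) {
        return false;
    }

    // Normalise BOTH sides. sAMAccountName is case-insensitive in
    // Active Directory, so "JDoe" and "jdoe" are the same account.
    // Lower-casing only one side would let the creator pass the check
    // whenever the stored value contains an upper-case letter.
    $userId  = strtolower(trim($userId));
    $creator = strtolower(trim($creator));

    if ($userId === '' || $creator === '') {
        return false;
    }

    return $userId !== $creator;
}

// Constructed sample data: [current user, order creator, expected result]
$cases = [
    ['JDoe',   'jdoe',  false], // same account, different case: deny
    ['jdoe',   'JDoe ', false], // stored value with case and padding: deny
    ['asmith', 'jdoe',  true],  // second pair of eyes: allow
    [null,     'jdoe',  false], // unauthenticated: deny
    ['asmith', null,    false], // order missing or without creator: deny
];

foreach ($cases as [$user, $creator, $expected]) {
    $actual = canApprove($user, $creator);
    printf(
        "%-9s %-9s => %s%s\n",
        var_export($user, true),
        var_export($creator, true),
        $actual ? 'allow' : 'deny',
        $actual === $expected ? '' : '  (unexpected)'
    );
}
```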
