derekrprice committed Feb 2, 2021
1 parent 875e23f commit b0ebb76
Showing 6 changed files with 133 additions and 19 deletions.
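--- a/phpunit.xml
+++ b/phpunit.xml
@@ -16,4 +16,4 @@
 <directory suffix="Test.php">./tests/</directory>
 </testsuite>
 </testsuites>
-</phpunit>
+</phpunit>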
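--- a/src/Middleware/LaratrustAbility.php
+++ b/src/Middleware/LaratrustAbility.php
@@ -21,7 +21,7 @@ class LaratrustAbility extends LaratrustMiddleware
 */
 public function handle($request, Closure $next, $roles, $permissions, $team = null, $options = '')
 {
-list($team, $validateAll, $guard) = $this->assignRealValuesTo($team, $options);
+[$team, $validateAll, $guards] = $this->assignRealValuesTo($team, $options);
 
 if (!is_array($roles)) {
 $roles = explode(self::DELIMITER, $roles);
@@ -31,16 +31,14 @@ public function handle($request, Closure $next, $roles, $permissions, $team = nu
 $permissions = explode(self::DELIMITER, $permissions);
 }
 
-if (
-Auth::guard($guard)->guest()
-|| !Auth::guard($guard)->user()
-->ability($roles, $permissions, $team, [
+foreach ($guards as $guard) {
+if (!Auth::guard($guard)->guest() && Auth::guard($guard)->user()->ability($roles, $permissions, $team, [
 'validate_all' => $validateAll
-])
-) {
-return $this->unauthorized();
+])) {
+return $next($request);
+}
 }
 
-return $next($request);
+return $this->unauthorized();
 }
 }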
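Review bot: The guard that satisfied the check is never recorded: the new `foreach` in `handle()` returns `$next($request)` for the first guard whose user passes `ability()`, so later code that resolves the user through the default guard may see a different identity, or none, than the one just authorized (inferred; the downstream code is not on this page). Consider `Auth::shouldUse($guard);` immediately before `return $next($request);`, or document that callers must resolve the user per guard. The method docblock, which begins outside the hunk, should also state that multiple `guard:` options are evaluated with any-of semantics. The loop added to `LaratrustMiddleware::authorization()` has the same property.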
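--- a/src/Middleware/LaratrustMiddleware.php
+++ b/src/Middleware/LaratrustMiddleware.php
@@ -24,15 +24,23 @@ class LaratrustMiddleware
 */
 protected function authorization($type, $rolesPermissions, $team, $options)
 {
-list($team, $requireAll, $guard) = $this->assignRealValuesTo($team, $options);
+[$team, $requireAll, $guards] = $this->assignRealValuesTo($team, $options);
 $method = $type == 'roles' ? 'hasRole' : 'hasPermission';
 
 if (!is_array($rolesPermissions)) {
 $rolesPermissions = explode(self::DELIMITER, $rolesPermissions);
 }
 
-return !Auth::guard($guard)->guest()
-&& Auth::guard($guard)->user()->$method($rolesPermissions, $team, $requireAll);
+foreach ($guards as $guard) {
+if (!Auth::guard($guard)->guest() && Auth::guard($guard)->user()->$method(
+$rolesPermissions,
+$team,
+$requireAll
+)) {
+return true;
+}
+}
+return false;
 }
 
 /**
@@ -70,10 +78,10 @@ protected function assignRealValuesTo($team, $options)
 return [
 (Str::contains($team, ['require_all', 'guard:']) ? null : $team),
 (Str::contains($team, 'require_all') ?: Str::contains($options, 'require_all')),
-(Str::contains($team, 'guard:') ? $this->extractGuard($team) : (
+(Str::contains($team, 'guard:') ? $this->extractGuards($team) : (
 Str::contains($options, 'guard:')
-? $this->extractGuard($options)
-: Config::get('auth.defaults.guard')
+? $this->extractGuards($options)
+: [Config::get('auth.defaults.guard')]
 )),
 ];
 }
@@ -84,14 +92,14 @@ protected function assignRealValuesTo($team, $options)
 * @param string $string
 * @return string
 */
-protected function extractGuard($string)
+protected function extractGuards($string)
 {
 $options = Collection::make(explode('|', $string));
 
 return $options->reject(function ($option) {
 return strpos($option, 'guard:') === false;
 })->map(function ($option) {
 return explode(':', $option)[1];
-})->first();
+});
 }
 }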
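Review bot: The docblock above `extractGuards()` still says `@return string`, but the method now returns the Collection produced by `->map(...)`, while the fallback in `assignRealValuesTo()` returns a plain array, `[Config::get('auth.defaults.guard')]`. Both iterate fine in the `foreach` in `authorization()`, but the mixed types are easy to misuse later; I would change the tag to `@return \Illuminate\Support\Collection` and update the summary line (outside the hunk), or end the chain with `->values()->all()` so callers always receive an array. Because this list decides which guards may satisfy an authorization check, the comment should also say that an option written as `guard:` with no name yields an empty-string entry, and how `Auth::guard()` treats that value should be confirmed.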
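--- a/tests/Checkers/User/LaratrustUserCanCheckerTestCase.php
+++ b/tests/Checkers/User/LaratrustUserCanCheckerTestCase.php
@@ -7,7 +7,7 @@
 use Laratrust\Tests\LaratrustTestCase;
 use Laratrust\Tests\Models\Permission;
 
-class LaratrustUserCanCheckerTestCase extends LaratrustTestCase
+abstract class LaratrustUserCanCheckerTestCase extends LaratrustTestCase
 {
 protected $user;
 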
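--- a/tests/Middleware/LaratrustPermissionTest.php
+++ b/tests/Middleware/LaratrustPermissionTest.php
@@ -143,6 +143,59 @@ public function testHandle_IsLoggedInWithPermission_ShouldNotAbort()
 }, 'users-create|users-update', 'TeamA', 'guard:api|require_all'));
 }
 
+public function testHandle_IsLoggedInWithPermissionAndMultipleGuards_ShouldNotAbort()
+{
+/*
+|------------------------------------------------------------
+| Set
+|------------------------------------------------------------
+*/
+$guard2 = m::mock('Illuminate\Contracts\Auth\Guard');
+$user = m::mock('Laratrust\Tests\Models\User')->makePartial();
+$middleware = new LaratrustPermission($this->guard);
+
+/*
+|------------------------------------------------------------
+| Expectation
+|------------------------------------------------------------
+*/
+Auth::shouldReceive('guard')->with('api')->andReturn($this->guard);
+Auth::shouldReceive('guard')->with('web')->andReturn($guard2);
+$this->guard->shouldReceive('guest')->andReturn(true);
+$guard2->shouldReceive('guest')->andReturn(false);
+$guard2->shouldReceive('user')->andReturn($user);
+$user->shouldReceive('hasPermission')
+->with(
+['users-create', 'users-update'],
+m::anyOf(null, 'TeamA'),
+m::anyOf(true, false)
+)
+->andReturn(true);
+
+/*
+|------------------------------------------------------------
+| Assertion
+|------------------------------------------------------------
+*/
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'guard:api|guard:web'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'guard:api|guard:web|require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'TeamA', 'require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'TeamA', 'guard:api|guard:web|require_all'));
+}
+
 public function testHandle_IsLoggedInWithNoPermission_ShouldRedirectWithError()
 {
 /*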
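Review bot: Both new multi-guard tests (this one and `testHandle_IsLoggedInWithAbilityAndMultipleGuards_ShouldNotAbort` in tests/Middleware/MiddlewareLaratrustAbilityTest.php) cover only the allow path, where `api` is a guest and `web` holds the permission. For an authorization middleware the deny path matters most: add a case where every listed guard is a guest and one where a guard is authenticated but `hasPermission`/`ability` returns false, asserting the unauthorized outcome the way `testHandle_IsLoggedInWithNoPermission_ShouldRedirectWithError` does. The `m::anyOf(true, false)` matcher also lets the tests pass if `require_all` were dropped or inverted, so pinning the expected value per call would make them stricter.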
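--- a/tests/Middleware/MiddlewareLaratrustAbilityTest.php
+++ b/tests/Middleware/MiddlewareLaratrustAbilityTest.php
@@ -143,4 +143,59 @@ public function testHandle_IsLoggedInWithAbility_ShouldNotAbort()
 $this->assertNull($middleware->handle($this->request, function () {
 }, 'admin|user', 'edit-users|update-users', 'TeamA', 'require_all|guard:api'));
 }
+
+
+public function testHandle_IsLoggedInWithAbilityAndMultipleGuards_ShouldNotAbort()
+{
+/*
+|------------------------------------------------------------
+| Set
+|------------------------------------------------------------
+*/
+$guard2 = m::mock('Illuminate\Contracts\Auth\Guard');
+$user = m::mock('Laratrust\Tests\Models\User')->makePartial();
+$middleware = new LaratrustAbility($this->guard);
+
+/*
+|------------------------------------------------------------
+| Expectation
+|------------------------------------------------------------
+*/
+Auth::shouldReceive('guard')->with('api')->andReturn($this->guard);
+Auth::shouldReceive('guard')->with('web')->andReturn($guard2);
+$this->guard->shouldReceive('guest')->andReturn(true);
+$guard2->shouldReceive('guest')->andReturn(false);
+$guard2->shouldReceive('user')->andReturn($user);
+$user->shouldReceive('ability')
+->with(
+['admin', 'user'],
+['edit-users', 'update-users'],
+m::anyOf(null, 'TeamA'),
+m::anyOf(['validate_all' => true], ['validate_all' => false])
+)
+->andReturn(true);
+
+/*
+|------------------------------------------------------------
+| Assertion
+|------------------------------------------------------------
+*/
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'guard:api|guard:web'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'guard:api|guard:web|require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'TeamA', 'require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'TeamA', 'require_all|guard:api|guard:web'));
+}
 }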
