Laravel-permission: Possible wrong default guard name

Created on 8 Oct 2017  路  8Comments  路  Source: spatie/laravel-permission

https://github.com/spatie/laravel-permission/blob/5a69cd5cc2f432cb9e42528f187907abfe26e62e/src/Traits/HasPermissions.php#L121

Shouldn't it be the inverse?

Its causing a problem where I have 'auth.defaults.guard' set to api but getDefaultGuardName() returns web because its first on the list of getGuardNames()

was going to make a PR but it broke a bunch of tests

picture williamoliveira

Most helpful comment

This should be documented, I just spent hour debugging why I get web guard instead of api...

Line from the docs (quoted below) is lie misleading:

By default the default guard (config('auth.defaults.guard')) will be used as the guard for new permissions and roles.

picture Kyslik on 23 Nov 2017
👍3

All 8 comments

Ya, switching it to the inverse also won't get the desired results.

getDefaultGuardName() is invoked (directly or indirectly) by pretty much all of the Permission-related functions, ie: hasPermissionTo, givePermissionTo, revokePermissionTo, and by scopes like scopePermission and scopeRole.
Fortunately or unfortunately that means changing that code will affect everything.

Pinging @AlexVanderbist for input ...

drbyte picture drbyte on 9 Oct 2017

When getting the default guard name using getDefaultGuardName I assumed the following order:

  1. If the user has explicitly specified the guard_name on the model use that as the default guard name
  2. If the model is assigned directly to a guard in the config (through a provider) return that guard's name
  3. If multiple guards are assigned to the model in the config return the first guard's name
  4. If the model (somehow) isn't assigned to any guard in the config return the auth.defaults.guard name

I agree that when getGuardNames() returns the default auth.defaults.guard as one of the guard names it should probably use that as the default (instead of the first one). However I can't think of a way to implement this without making breaking changes...

I'd suggest using different models for every guard for the time being. This can easily be accomplished by extending the User model in an ApiUser class or something similar.

AlexVanderbist picture AlexVanderbist on 10 Oct 2017
👍1

Got it, thank you guys

williamoliveira picture williamoliveira on 10 Oct 2017

This should be documented, I just spent hour debugging why I get web guard instead of api...

Line from the docs (quoted below) is lie misleading:

By default the default guard (config('auth.defaults.guard')) will be used as the guard for new permissions and roles.

Kyslik picture Kyslik on 23 Nov 2017
👍3

@Kyslik thanks for pointing this out. Feel free to PR a change to the docs and we'll merge it in

AlexVanderbist picture AlexVanderbist on 23 Nov 2017
😕1

@AlexVanderbist hey, I am non-native english speaker, and I can not imagine formulating a good sentence. Will this do?

By default the default guard is a guard which is first defined in auth.guards config array.

馃槅 three times guard term is used, sure its confusing...

Kyslik picture Kyslik on 24 Nov 2017

@AlexVanderbist wow, I fixed it, Thank you so much <3

tranvanthuc picture tranvanthuc on 7 Jun 2018

This is still not documented I think.

Kyslik picture Kyslik on 9 Jun 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hosseinnedaei picture hosseinnedaei  路  3Comments
enghelewa picture enghelewa  路  4Comments
ghost picture ghost  路  3Comments
dylangeorgeharbour picture dylangeorgeharbour  路  3Comments
NattananWs picture NattananWs  路  3Comments