allowed method returns only explicit resource
Opened this issue · 2 comments
The allowed method only returns explicit resources -> it doesn't return resources allowed to a role that the caller inherits.
I.e.:
Role ABC has privilege on Resource 1
And
Caller XYZ has privilege on Resource 2
And
Caller XYZ has Role ABC
When I call $lock->caller($caller)->allowed(xxxx), it returns only [Resource 2].
Some tests to prove it:
(I made the tests using the resource ID as a string (not an integer) (see open pull request))
    /** @test */
    final function it_can_return_allowed_resource_ids_between_inherited_roles()
    {
        $this->getRoleLock('user')->allow('update', 'resource', 'abc');
        // Register 'user' as a role that inherits from 'admin'.
        $this->manager->setRole('user', 'admin');
        $this->getRoleLock('admin')->allow('update', 'resource', 'def');

        $expected = ['abc', 'def'];
        $result = $this->getRoleLock('user')->allowed('update', 'resource');

        // Sort both lists so the comparison does not depend on return order.
        sort($expected, SORT_STRING);
        sort($result, SORT_STRING);
        $this->assertEquals($expected, $result);
    }

    /** @test */
    final function it_can_return_allowed_resource_ids_from_inherited_roles()
    {
        $this->getCallerLock()->allow('update', 'resource', 'abc');
        $this->manager->setRole('admin');
        $this->getRoleLock('admin')->allow('update', 'resource', 'def');

        $expected = ['abc', 'def'];
        $result = $this->getCallerLock()->allowed('update', 'resource');
        var_dump($result);

        sort($expected, SORT_STRING);
        sort($result, SORT_STRING);
        $this->assertEquals($expected, $result);
    }
Hi,
I have the same issue.
Is it possible to fix this problem?
Thanks for your work.
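The gap reported in this issue, shown on a small stand-alone model: an added example, not the library's code and not part of the original thread. `MiniAcl`, its methods and the `caller:`/`role:` subject prefixes are hypothetical, deny rules are out of scope, and the data is constructed from the issue's Role ABC / Caller XYZ scenario. An explicit-only listing understates the caller's effective access, which matters when the result feeds an access review or a filtered query.

```php
<?php
// Hypothetical in-memory model (not the library's implementation); allow rules only.
final class MiniAcl
{
    private array $parents = []; // subject => roles it holds or inherits from
    private array $grants = [];  // "subject|action|type" => resource ids

    public function inherit(string $subject, string $role): void
    {
        $this->parents[$subject][] = $role;
    }

    public function allow(string $subject, string $action, string $type, string $id): void
    {
        $this->grants["$subject|$action|$type"][] = $id;
    }

    // Behaviour reported in the issue: only grants stored on the subject itself.
    public function allowedExplicit(string $subject, string $action, string $type): array
    {
        return $this->grants["$subject|$action|$type"] ?? [];
    }

    // Expected behaviour: union over the subject and every role reachable from it.
    public function allowedInherited(string $subject, string $action, string $type): array
    {
        $queue = [$subject];
        $seen = $ids = [];
        while ($queue !== []) {
            $s = array_shift($queue);
            if (isset($seen[$s])) {
                continue; // shared ancestor or inheritance cycle
            }
            $seen[$s] = true;
            $ids = array_merge($ids, $this->allowedExplicit($s, $action, $type));
            $queue = array_merge($queue, $this->parents[$s] ?? []);
        }
        $ids = array_values(array_unique($ids));
        sort($ids, SORT_STRING);
        return $ids;
    }
}

// Constructed data mirroring the issue: caller XYZ holds role ABC.
$acl = new MiniAcl();
$acl->inherit('caller:XYZ', 'role:ABC');
$acl->allow('role:ABC', 'update', 'resource', 'Resource 1');
$acl->allow('caller:XYZ', 'update', 'resource', 'Resource 2');
var_dump($acl->allowedExplicit('caller:XYZ', 'update', 'resource'));
var_dump($acl->allowedInherited('caller:XYZ', 'update', 'resource'));
```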