Disallow Everyone not working as expected

Question

Disallow Everyone not working as expected

undjike opened this issue 2 years ago · 1 comments

Hello, I have this code...

$user = User::factory()->create();

Auth::login($user);

Bouncer::allow($user)->to('delete-entity', $entity);

$firstTest = Bouncer::can('delete-entity', $entity);

Bouncer::disallowEveryone()->to('delete-entity', $entity);

Bouncer::refreshFor($user);
Bouncer::refresh();

$secondTest = Bouncer::can('delete-entity', $entity);

The output is :

$firstTest = true
$secondTest = true

Expected behaviour :

$firstTest = true
$secondTest = false

Can anyone help?

Answer 1 · 2022-12-13T20:04:28.000Z

The "everyone" ability is a broader ability than the ability granted directly to a user. The disallowEveryone method simply removes a general ability that was previously granted via allowEveryone.