kodeine/laravel-acl

Custom primary key in users table error

pmtechnik opened this issue · 2 comments

If you change your primary key on users table from 'id' to a custom one like 'user_id' you get wrong user roles. The cacheentry for user roles will be overwritten and a user is able to access resources he's not allowed to.

How to fix

Change:

$this_roles = \Cache::remember(
	'acl.getRolesById_'.$this->id,
	config('acl.cacheMinutes'),
	function () {
		return $this->roles;
	}
);

To:

$this_roles = \Cache::remember(
	'acl.getRolesById_'.$this->getKey(),
	config('acl.cacheMinutes'),
	function () {
		return $this->roles;
	}
);

The bug is in line 40 of HasRole.php file

@profile-media can you please post a PR?