Custom primary key in users table error
pmtechnik opened this issue · 2 comments
pmtechnik commented
If you change your primary key on users table from 'id' to a custom one like 'user_id' you get wrong user roles. The cacheentry for user roles will be overwritten and a user is able to access resources he's not allowed to.
How to fix
Change:
$this_roles = \Cache::remember(
'acl.getRolesById_'.$this->id,
config('acl.cacheMinutes'),
function () {
return $this->roles;
}
);
To:
$this_roles = \Cache::remember(
'acl.getRolesById_'.$this->getKey(),
config('acl.cacheMinutes'),
function () {
return $this->roles;
}
);
The bug is in line 40 of HasRole.php file
kodeine commented
@profile-media can you please post a PR?