sebastienheyd/boilerplate

Permission always return false

thracefields opened this issue · 1 comments

Let's say we have that code for example:
Route::resource('countries', CountryController::class)->except(['show', 'destroy'])->middleware(['permssion:tools']);

Even if I am admin, it always say 403.

I have to use this syntax to work:
Route::resource('countries', CountryController::class)->except(['show', 'destroy'])->middleware(['ability:admin,tools']);

The permission doesn't have category.

If you don't use ability to say that admin is authorized, admin will not be authorized.

The reason is simple, admin is a role, unlike what you can see on the role's edit page, permissions aren't really assigned to this role (see in the db).

So if we check if admin has a permission, he'll never get it.

This was done so that when adding a "boilerplate" package, there's no need to attach permissions to the admin role. Otherwise, a migrate would have to be created each time to attach the permissions to the role.

I hope my explanation is clear