Constructor throws `User doesn't have the right permissions` but login via passport works okay.
mohanad69 opened this issue · 12 comments
maybe wrong guard
Yes, I'd be checking what guard the user is connected with.
What middleware is on the route
to that controller?
Also, as a troubleshooting tool you could enable the detailed output of the exception, via the config file:
laravel-permission/config/permission.php
Lines 132 to 138 in c66c0de
i'am using gurad like below
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
my route middleware is auth:api like below:
Route::group(['middleware' => 'auth:api'], function () {
Route::resource('subscriptionTypes', SubscriptionTypeController::class);
});
https://spatie.be/docs/laravel-permission/v6/basic-usage/middleware#content-middleware-via-routes
$this->middleware(['get_permission:subscription_types,api']);
i don't need use permission middleware in route. i want to use it in constructor controller.
It seems like you're very lost, that's what I wrote.
$this->middleware(['get_permission:subscription_types,api']);
iam using api routes so, middleware shoud be auth:api. all permissions are loaded with user response but while using these permissions in controller constructor it give me the mentioned error above in comments.
{
"user": {
"id": 1,
"name": "admin",
"email": "admin@admin.com",
"email_verified_at": null,
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"deleted_at": null,
"roles": [
{
"id": 1,
"name": "admin",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"role_id": 1
}
}
],
"permissions": [
{
"id": 1,
"name": "get_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 1
}
},
{
"id": 2,
"name": "add_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 2
}
},
{
"id": 3,
"name": "edit_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 3
}
},
{
"id": 4,
"name": "delete_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 4
}
},
{
"id": 5,
"name": "get_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 5
}
},
{
"id": 6,
"name": "add_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 6
}
},
{
"id": 7,
"name": "edit_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 7
}
},
{
"id": 8,
"name": "delete_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 8
}
},
{
"id": 9,
"name": "get_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 9
}
},
{
"id": 10,
"name": "add_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 10
}
},
{
"id": 11,
"name": "edit_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 11
}
},
{
"id": 12,
"name": "delete_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 12
}
},
{
"id": 13,
"name": "get_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 13
}
},
{
"id": 14,
"name": "add_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 14
}
},
{
"id": 15,
"name": "edit_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 15
}
},
{
"id": 16,
"name": "delete_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 16
}
}
]
},
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiIxIiwianRpIjoiMGFiOGNiYTllZmJhNmI5ZWI0NWFmNDdhY2JmZTBjOTg3ODdlNjc3Y2Y1YjBiZTQ3ODQ0MzhlMTM1ZTc0NDE3M2I3NTA2OWFjMTE3ODRmN2IiLCJpYXQiOjE3MDAwODUxNzcuMjc2MTU3LCJuYmYiOjE3MDAwODUxNzcuMjc2MTYsImV4cCI6MTczMTcwNzU3Ny4yNjQ3NjMsInN1YiI6IjEiLCJzY29wZXMiOltdfQ.l9ZMQZl_xGpiqvCKgnlgk51N5AhILmypZ5aRO_wmOa7y9ySyED9C9ff17lJeQtcOvhWIGFbdSvhQSJUT54XQ4tBaaSLrB27q0f5xC7yvACYD8RJvcBdf7wlXitgBN8spGYQEL8imvUBW9XrYGfjbGcT4SpmmWBB8vKhaDAlxCDzw3feH1yCgWpAqlm0-9mQYqQzm6LK0UD3kHk_jDdq5h9h4sziszaM9jqORWoOwfKSsOsrraEpg4ngpDKK-2rI0vt-XGuLkVPQbG8vNDVrH56_3ATzBvLmg35jyZYQamGDbxb1f25MSN07qHIKxp2Cyh6cvFuP-JzfBx8vrDOS6SQK92BpZLoe0je7RpMSjBjHEbs_w00EKvev7yeMtS1PRk6vTO0Q2-HDrxliYen3J34IlXQ9zW-v4rS0wi9FM9_1uduPsuNjjW80nw3mkSynUUYc0sbDp9XNYPL14FSBjGkwv4CRMjF309lY7biv9XNDeBKka5_99Yl7mSALSUDtnwvVh1qBkldwAjzVT6-96HX2loDkKbsF-I23tJY258crup3o3i0E3LbIb9RuzPVQi_-Z15pOF2n7vtXIHbIDIHQ6MrNqkVSGDaRbyPwxxRUmD8wc2FgVjqRmUORhJslpVUOK_r8C02LaaWuiLXerhb_cOnZ2laqzshdgqQngieYk",
"type": "Bearer",
"role": [
"admin"
],
"permissions": [
{
"id": 1,
"name": "get_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 1
}
},
{
"id": 2,
"name": "add_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 2
}
},
{
"id": 3,
"name": "edit_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 3
}
},
{
"id": 4,
"name": "delete_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 4
}
},
{
"id": 5,
"name": "get_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 5
}
},
{
"id": 6,
"name": "add_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 6
}
},
{
"id": 7,
"name": "edit_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 7
}
},
{
"id": 8,
"name": "delete_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 8
}
},
{
"id": 9,
"name": "get_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 9
}
},
{
"id": 10,
"name": "add_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 10
}
},
{
"id": 11,
"name": "edit_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 11
}
},
{
"id": 12,
"name": "delete_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 12
}
},
{
"id": 13,
"name": "get_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 13
}
},
{
"id": 14,
"name": "add_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 14
}
},
{
"id": 15,
"name": "edit_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 15
}
},
{
"id": 16,
"name": "delete_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 16
}
}
]
}
maybe wrong guard
Confirmed
here is my guards in config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
iam using api routes so, middleware shoud be auth:api. all permissions are loaded with user response but while using these permissions in controller constructor it give me the mentioned error above in comments.
Okay, so your app requires users to login with a username via the api
guard. And passport
is handling that authentication. Great.
But then your user is logged in with the api guard. But all your permissions are assigned to the web
guard. Therefore your users who are connected via api
will never be able to experience the permissions defined only for web
users.
Simplest solution: use only 1 guard in your application: delete the web
guard from config/auth.php
and change all your permissions/roles from 'web'
to 'api'
.
You are right. the solution is :
1- add protected $guard_name = "api";
in user model.
2- add guard name = 'api' in role seeder.
3- add guard to config auth.php
4- add guard name = 'api' in permission seeder.
it worked for me thanks.