spatie/laravel-permission

Constructor throws `User doesn't have the right permissions` but login via passport works okay.

mohanad69 opened this issue · 12 comments

After seeding permissions, seeding roles and giving permissions to them, adding a new user and assigning a role, I found the following:
1- login response returns all permissions correctly.
2- trying to add middleware in the constructor, it gives me user doesn't have the right permissions.

maybe wrong guard

Yes, I'd be checking what guard the user is connected with.
What middleware is on the route to that controller?

Also, as a troubleshooting tool you could enable the detailed output of the exception, via the config file:

/*
* When set to true, the required permission names are added to exception messages.
* This could be considered an information leak in some contexts, so the default
* setting is false here for optimum safety.
*/
'display_permission_in_exception' => false,

I am using guards like below

 'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

my route middleware is auth:api like below:

Route::group(['middleware' => 'auth:api'], function () {
    Route::resource('subscriptionTypes', SubscriptionTypeController::class);
});

I don't need to use the permission middleware in the route. I want to use it in the controller constructor.

It seems like you're very lost, that's what I wrote.

$this->middleware(['get_permission:subscription_types,api']);

I am using api routes, so the middleware should be auth:api. All permissions are loaded with the user response, but while using these permissions in the controller constructor it gives me the error mentioned above in the comments.

{
"user": {
"id": 1,
"name": "admin",
"email": "admin@admin.com",
"email_verified_at": null,
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"deleted_at": null,
"roles": [
{
"id": 1,
"name": "admin",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"role_id": 1
}
}
],
"permissions": [
{
"id": 1,
"name": "get_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 1
}
},
{
"id": 2,
"name": "add_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 2
}
},
{
"id": 3,
"name": "edit_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 3
}
},
{
"id": 4,
"name": "delete_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 4
}
},
{
"id": 5,
"name": "get_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 5
}
},
{
"id": 6,
"name": "add_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 6
}
},
{
"id": 7,
"name": "edit_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 7
}
},
{
"id": 8,
"name": "delete_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 8
}
},
{
"id": 9,
"name": "get_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 9
}
},
{
"id": 10,
"name": "add_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 10
}
},
{
"id": 11,
"name": "edit_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 11
}
},
{
"id": 12,
"name": "delete_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 12
}
},
{
"id": 13,
"name": "get_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 13
}
},
{
"id": 14,
"name": "add_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 14
}
},
{
"id": 15,
"name": "edit_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 15
}
},
{
"id": 16,
"name": "delete_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 16
}
}
]
},
"type": "Bearer",
"role": [
"admin"
],
"permissions": [
{
"id": 1,
"name": "get_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 1
}
},
{
"id": 2,
"name": "add_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 2
}
},
{
"id": 3,
"name": "edit_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 3
}
},
{
"id": 4,
"name": "delete_subscription_types",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 4
}
},
{
"id": 5,
"name": "get_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 5
}
},
{
"id": 6,
"name": "add_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 6
}
},
{
"id": 7,
"name": "edit_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 7
}
},
{
"id": 8,
"name": "delete_bundles",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 8
}
},
{
"id": 9,
"name": "get_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 9
}
},
{
"id": 10,
"name": "add_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 10
}
},
{
"id": 11,
"name": "edit_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 11
}
},
{
"id": 12,
"name": "delete_companies",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 12
}
},
{
"id": 13,
"name": "get_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 13
}
},
{
"id": 14,
"name": "add_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 14
}
},
{
"id": 15,
"name": "edit_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 15
}
},
{
"id": 16,
"name": "delete_subscriptions",
"guard_name": "web",
"created_at": "2023-11-15T21:48:20.000000Z",
"updated_at": "2023-11-15T21:48:20.000000Z",
"pivot": {
"model_type": "App\Models\User",
"model_id": 1,
"permission_id": 16
}
}
]
}

maybe wrong guard

Confirmed

here is my guards in config/auth.php

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

I am using api routes, so the middleware should be auth:api. All permissions are loaded with the user response, but while using these permissions in the controller constructor it gives me the error mentioned above in the comments.

Okay, so your app requires users to login with a username via the api guard. And passport is handling that authentication. Great.

But then your user is logged in with the api guard. But all your permissions are assigned to the web guard. Therefore your users who are connected via api will never be able to experience the permissions defined only for web users.

Simplest solution: use only 1 guard in your application: delete the web guard from config/auth.php and change all your permissions/roles from 'web' to 'api'.

You are right. The solution is:
1- add protected $guard_name = "api"; in user model.
2- add guard name = 'api' in role seeder.
3- add guard to config auth.php
4- add guard name = 'api' in permission seeder.
It worked for me, thanks.
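
The fix described in this thread, as an added example that is not part of the original issue or the package's own code: a seeder that creates the permissions and role under the `api` guard instead of `web`. The class name `ApiGuardPermissionSeeder` is hypothetical, and the example assumes `App\Models\User` uses the `HasRoles` trait and that the `admin@admin.com` user from the login response above already exists.

```php
<?php
// Added example, not from the thread. Assumes App\Models\User uses the
// HasRoles trait and that config/auth.php defines an 'api' guard.

namespace Database\Seeders;

use App\Models\User;
use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
use Spatie\Permission\PermissionRegistrar;

class ApiGuardPermissionSeeder extends Seeder // hypothetical class name
{
    public function run(): void
    {
        // Clear the package's permission cache before changing anything.
        app(PermissionRegistrar::class)->forgetCachedPermissions();

        // Must match the guard that authenticates the request (auth:api).
        $guard = 'api';

        $names = [
            'get_subscription_types', 'add_subscription_types',
            'edit_subscription_types', 'delete_subscription_types',
        ];

        foreach ($names as $name) {
            // Permissions are unique per (name, guard_name): a 'web' row with
            // the same name does not satisfy a check made under 'api'.
            Permission::findOrCreate($name, $guard);
        }

        // The role must live under the same guard as its permissions.
        $admin = Role::findOrCreate('admin', $guard);
        $admin->syncPermissions($names);

        // User taken from the login response shown in the thread.
        $user = User::where('email', 'admin@admin.com')->firstOrFail();
        $user->assignRole($admin);

        // Fail the seed loudly if the check would still fail under 'api'.
        if (! $user->hasPermissionTo('get_subscription_types', $guard)) {
            throw new \RuntimeException("Permission missing for guard {$guard}");
        }
    }
}
```

Run it with `php artisan db:seed --class=ApiGuardPermissionSeeder`; roles and permissions that were already seeded under `web` stay in the database until they are removed or migrated.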