vendredi 30 novembre 2018

Page Forbidden even if user is authorized in laravel 5.7

I'm using laravel 5.7 Gate and policies for site authorization. I have done it as follows but Page is forbidden even if user has permission in the roles table. in my system I have 3 main Roles as Super Admin, Admin,Guest. They have different permissions as attached image. Roles and Permissions. Please help me to fix this.

web.php

Route::get('/users', 'UserController@index')->name('users')->middleware('can:view-user');

AuthServiceProvide.php

public function boot()
{
    $this->registerPolicies();
    $this->registerPostPolicies();   
}

public function registerPostPolicies()
{
    Gate::define('view-user', function($user){
        $user->hasAccess(['view-user']);
    });

    Gate::define('activate-user', function($user){
        $user->hasAccess(['activate-user']);
    });
}

Role Model

public function hasAccess(array $permissions)
{
    foreach($permissions as $permission){
        if($this->hasPermission($permission)){
            return true;
            echo("<script>console.log('PHP: ".$permissions."');</script>");
        }
    }
    return false;
}

protected function hasPermission(string $permission){
    $permissions = json_decode($this->permissions,true);
    return $permissions[$permission]??false;

}   

Roles and hasAction function in User Model

public function roles()
{
    return $this->belongsToMany(Role::class, 'roles_users');
}

public function hasAccess(array $permissions)
{
   foreach($this->roles as $role){
        if($role->hasAccess($permissions)){
            return true;
        }
   }
   return false;
}

Role seeder

use Illuminate\Database\Seeder;
Use App\Role;
class rolerSeeder extends Seeder
{
    /**
     * Run the database seeds.
     *
     * @return void
     */
    public function run()
    {
        $super_admin = Role::create([
            'name'        => 'Super Admin',
            'slug'        => 'super admin',
            'permissions' => json_encode([
                'create-user' => true,
                'update-user' => true,
                'update-user' => true,
                'activate-user' => true,
                'view-user'  => true,

            ]),
        ]);
        $admin = Role::create([
            'name'        => 'Admin',
            'slug'        => 'admin',
            'permissions' => json_encode([
                'view-user'  => true,
            ]),
        ]);

        $guest = Role::create([
            'name'        => 'Guest',
            'slug'        => 'guest',
            'permissions' => json_encode([
                'view-user'  => true,
            ]),
        ]);
    }
}

And code is written as below tutorial link to tutorial



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire