Instances of models should not matter when checking permissions (#2186)

This commit is contained in:
Alexander Skvortsov 2020-05-27 12:22:08 -04:00 committed by GitHub
parent 88090660d4
commit 063df058b6

View File

@ -103,7 +103,7 @@ class UserServiceProvider extends AbstractServiceProvider
// If no policy covered this permission query, we will only grant
// the permission if the actor's groups have it. Otherwise, we will
// not allow the user to perform this action.
if ($actor->isAdmin() || (! $model && $actor->hasPermission($ability))) {
if ($actor->isAdmin() || $actor->hasPermission($ability)) {
return true;
}