diff --git a/framework/core/src/Api/Controller/ListUsersController.php b/framework/core/src/Api/Controller/ListUsersController.php
index b10ed17a4..85d7bfa26 100644
--- a/framework/core/src/Api/Controller/ListUsersController.php
+++ b/framework/core/src/Api/Controller/ListUsersController.php
@@ -72,7 +72,6 @@ class ListUsersController extends AbstractListController
 {
 $actor = $request->getAttribute('actor');
- $this->assertRegistered($actor);
 $this->assertCan($actor, 'viewUserList');
 $query = Arr::get($this->extractFilter($request), 'q');
diff --git a/framework/core/src/Group/Command/CreateGroupHandler.php b/framework/core/src/Group/Command/CreateGroupHandler.php
index 8a000679e..036443213 100644
--- a/framework/core/src/Group/Command/CreateGroupHandler.php
+++ b/framework/core/src/Group/Command/CreateGroupHandler.php
@@ -49,7 +49,6 @@ class CreateGroupHandler
 $actor = $command->actor;
 $data = $command->data;
- $this->assertRegistered($actor);
 $this->assertCan($actor, 'createGroup');
 $group = Group::build(
diff --git a/framework/core/src/User/AssertPermissionTrait.php b/framework/core/src/User/AssertPermissionTrait.php
index d3e1ad709..dee93957c 100644
--- a/framework/core/src/User/AssertPermissionTrait.php
+++ b/framework/core/src/User/AssertPermissionTrait.php
@@ -55,15 +55,23 @@ trait AssertPermissionTrait
 * @param User $actor
 * @param string $ability
 * @param mixed $arguments
+ * @throws NotAuthenticatedException
 * @throws PermissionDeniedException
 */
 protected function assertCan(User $actor, $ability, $arguments = [])
 {
+ // For non-authenticated users, we throw a different exception to signal
+ // that logging in may help.
+ $this->assertRegistered($actor);
+
+ // If we're logged in, then we need to communicate that the current
+ // account simply does not have enough permissions.
 $this->assertPermission($actor->can($ability, $arguments));
 }
 /**
 * @param User $actor
+ * @throws NotAuthenticatedException
 * @throws PermissionDeniedException
 */
 protected function assertAdmin(User $actor)
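Review bot: In `assertCan`, `assertRegistered($actor)` now runs before `$actor->can(...)` is evaluated, so a guest is rejected with NotAuthenticatedException even for an ability the guest would otherwise be allowed; every user of the trait inherits this, not only ListUsersController and CreateGroupHandler, whose own checks this commit removes. If any ability is meant to be grantable to unauthenticated users (not visible in this diff), evaluate the permission first and require registration only when it fails: `$can = $actor->can($ability, $arguments);`, `if (! $can) { $this->assertRegistered($actor); }`, `$this->assertPermission($can);`. The `@throws NotAuthenticatedException` added to the `assertAdmin` docblock cannot be checked here because that method's body lies outside the hunk. A test covering a guest, an unprivileged user and a privileged user for both methods would pin which exception each case produces.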