Fixes an issue where permission checks aren't made for guest users,

due to the gate being accessed after the check whether the user is registered/signed in.
2024-11-26 18:33:40 +08:00 · 2019-09-11 11:58:27 +02:00 · 2019-09-11 11:58:27 +02:00 · 8e3eb5986f
commit 8e3eb5986f
parent 58e1c6cd99
1 changed files with 7 additions and 2 deletions
--- a/framework/core/src/User/AssertPermissionTrait.php
+++ b/framework/core/src/User/AssertPermissionTrait.php
@ -60,13 +60,18 @@ trait AssertPermissionTrait
     */
    protected function assertCan(User $actor, $ability, $arguments = [])
    {
+        // Identify whether guest or user has the permission.
+        $can = $actor->can($ability, $arguments);
+
        // For non-authenticated users, we throw a different exception to signal
        // that logging in may help.
-        $this->assertRegistered($actor);
+        if (! $can) {
+            $this->assertRegistered($actor);
+        }

        // If we're logged in, then we need to communicate that the current
        // account simply does not have enough permissions.
-        $this->assertPermission($actor->can($ability, $arguments));
+        $this->assertPermission($can);
    }

    /**