github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-02-06 11:51:45 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixes an issue where permission checks aren't made for guest users,

Browse Source 
due to the gate being accessed after the check whether the user
is registered/signed in.
This commit is contained in:
Daniël Klabbers 2019-09-11 11:58:27 +02:00
parent 58e1c6cd99
commit 8e3eb5986f
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
framework/core/src/User/AssertPermissionTrait.php
View File

@ -60,13 +60,18 @@ trait AssertPermissionTrait
*/ */
protected function assertCan(User $actor, $ability, $arguments = []) protected function assertCan(User $actor, $ability, $arguments = [])
{ {
// Identify whether guest or user has the permission.
$can = $actor->can($ability, $arguments);
// For non-authenticated users, we throw a different exception to signal // For non-authenticated users, we throw a different exception to signal
// that logging in may help. // that logging in may help.
$this->assertRegistered($actor); if (! $can) {
$this->assertRegistered($actor);
}
// If we're logged in, then we need to communicate that the current // If we're logged in, then we need to communicate that the current
// account simply does not have enough permissions. // account simply does not have enough permissions.
$this->assertPermission($actor->can($ability, $arguments)); $this->assertPermission($can);
} }
/** /**