Fixes an issue where permission checks aren't made for guest users,

due to the gate being accessed after the check whether the user
is registered/signed in.
This commit is contained in:
Daniël Klabbers 2019-09-11 11:58:27 +02:00
parent 58e1c6cd99
commit 8e3eb5986f

View File

@ -60,13 +60,18 @@ trait AssertPermissionTrait
*/
protected function assertCan(User $actor, $ability, $arguments = [])
{
// Identify whether guest or user has the permission.
$can = $actor->can($ability, $arguments);
// For non-authenticated users, we throw a different exception to signal
// that logging in may help.
$this->assertRegistered($actor);
if (! $can) {
$this->assertRegistered($actor);
}
// If we're logged in, then we need to communicate that the current
// account simply does not have enough permissions.
$this->assertPermission($actor->can($ability, $arguments));
$this->assertPermission($can);
}
/**