mirror of
https://github.com/flarum/framework.git
synced 2024-11-30 05:13:37 +08:00
Fixes an issue where permission checks aren't made for guest users,
due to the gate being accessed after the check whether the user is registered/signed in.
This commit is contained in:
parent
58e1c6cd99
commit
8e3eb5986f
|
@ -60,13 +60,18 @@ trait AssertPermissionTrait
|
|||
*/
|
||||
protected function assertCan(User $actor, $ability, $arguments = [])
|
||||
{
|
||||
// Identify whether guest or user has the permission.
|
||||
$can = $actor->can($ability, $arguments);
|
||||
|
||||
// For non-authenticated users, we throw a different exception to signal
|
||||
// that logging in may help.
|
||||
$this->assertRegistered($actor);
|
||||
if (! $can) {
|
||||
$this->assertRegistered($actor);
|
||||
}
|
||||
|
||||
// If we're logged in, then we need to communicate that the current
|
||||
// account simply does not have enough permissions.
|
||||
$this->assertPermission($actor->can($ability, $arguments));
|
||||
$this->assertPermission($can);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue
Block a user