From ea84fc48366b735b57f08420f93033a54263655f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Klabbers?= <daniel@klabbers.email>
Date: Wed, 11 Sep 2019 11:58:27 +0200
Subject: [PATCH] Fixes an issue where permission checks aren't made for guest
 users, due to the gate being accessed after the check whether the user is
 registered/signed in.

---
 src/User/AssertPermissionTrait.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/User/AssertPermissionTrait.php b/src/User/AssertPermissionTrait.php
index dee93957c..7646e8080 100644
--- a/src/User/AssertPermissionTrait.php
+++ b/src/User/AssertPermissionTrait.php
@@ -60,13 +60,18 @@ trait AssertPermissionTrait
      */
     protected function assertCan(User $actor, $ability, $arguments = [])
     {
+        // Identify whether guest or user has the permission.
+        $can = $actor->can($ability, $arguments);
+
         // For non-authenticated users, we throw a different exception to signal
         // that logging in may help.
-        $this->assertRegistered($actor);
+        if (! $can) {
+            $this->assertRegistered($actor);
+        }
 
         // If we're logged in, then we need to communicate that the current
         // account simply does not have enough permissions.
-        $this->assertPermission($actor->can($ability, $arguments));
+        $this->assertPermission($can);
     }
 
     /**