
Commit b0ebb76

committed
Fixes #488.
1 parent 875e23f commit b0ebb76


6 files changed

+133
-19
lines changed

6 files changed

+133
-19
lines changed

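--- a/phpunit.xml
+++ b/phpunit.xml
@@ -16,4 +16,4 @@
 <directory suffix="Test.php">./tests/</directory>
 </testsuite>
 </testsuites>
-</phpunit>
+</phpunit>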

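--- a/src/Middleware/LaratrustAbility.php
+++ b/src/Middleware/LaratrustAbility.php
@@ -21,7 +21,7 @@ class LaratrustAbility extends LaratrustMiddleware
 */
 public function handle($request, Closure $next, $roles, $permissions, $team = null, $options = '')
 {
-list($team, $validateAll, $guard) = $this->assignRealValuesTo($team, $options);
+[$team, $validateAll, $guards] = $this->assignRealValuesTo($team, $options);
 
 if (!is_array($roles)) {
 $roles = explode(self::DELIMITER, $roles);
@@ -31,16 +31,14 @@ public function handle($request, Closure $next, $roles, $permissions, $team = nu
 $permissions = explode(self::DELIMITER, $permissions);
 }
 
-if (
-Auth::guard($guard)->guest()
-|| !Auth::guard($guard)->user()
-->ability($roles, $permissions, $team, [
+foreach ($guards as $guard) {
+if (!Auth::guard($guard)->guest() && Auth::guard($guard)->user()->ability($roles, $permissions, $team, [
 'validate_all' => $validateAll
-])
-) {
-return $this->unauthorized();
+])) {
+return $next($request);
+}
 }
 
-return $next($request);
+return $this->unauthorized();
 }
 }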
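Review bot: The new loop in `handle()` lets the request through as soon as any listed guard has a user with the ability, but it does not record which guard matched, so code after the middleware that reads `Auth::user()` still resolves the default guard and may see no user, or a different account than the one that was authorized. If the matching guard is meant to become the request's identity, add `Auth::shouldUse($guard);` before `return $next($request);`, which is what Laravel's own `auth` middleware does when given several guards; otherwise state in the docblock of `handle()` that callers must resolve the user from the guards they listed. The same applies to the loop added to `LaratrustMiddleware::authorization()`. Falling through to `return $this->unauthorized();` is the right fail-closed default, and it would be worth a one-line comment saying so. The part of `handle()` between the two hunks is not shown.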

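--- a/src/Middleware/LaratrustMiddleware.php
+++ b/src/Middleware/LaratrustMiddleware.php
@@ -24,15 +24,23 @@ class LaratrustMiddleware
 */
 protected function authorization($type, $rolesPermissions, $team, $options)
 {
-list($team, $requireAll, $guard) = $this->assignRealValuesTo($team, $options);
+[$team, $requireAll, $guards] = $this->assignRealValuesTo($team, $options);
 $method = $type == 'roles' ? 'hasRole' : 'hasPermission';
 
 if (!is_array($rolesPermissions)) {
 $rolesPermissions = explode(self::DELIMITER, $rolesPermissions);
 }
 
-return !Auth::guard($guard)->guest()
-&& Auth::guard($guard)->user()->$method($rolesPermissions, $team, $requireAll);
+foreach ($guards as $guard) {
+if (!Auth::guard($guard)->guest() && Auth::guard($guard)->user()->$method(
+$rolesPermissions,
+$team,
+$requireAll
+)) {
+return true;
+}
+}
+return false;
 }
 
 /**
@@ -70,10 +78,10 @@ protected function assignRealValuesTo($team, $options)
 return [
 (Str::contains($team, ['require_all', 'guard:']) ? null : $team),
 (Str::contains($team, 'require_all') ?: Str::contains($options, 'require_all')),
-(Str::contains($team, 'guard:') ? $this->extractGuard($team) : (
+(Str::contains($team, 'guard:') ? $this->extractGuards($team) : (
 Str::contains($options, 'guard:')
-? $this->extractGuard($options)
-: Config::get('auth.defaults.guard')
+? $this->extractGuards($options)
+: [Config::get('auth.defaults.guard')]
 )),
 ];
 }
@@ -84,14 +92,14 @@ protected function assignRealValuesTo($team, $options)
 * @param string $string
 * @return string
 */
-protected function extractGuard($string)
+protected function extractGuards($string)
 {
 $options = Collection::make(explode('|', $string));
 
 return $options->reject(function ($option) {
 return strpos($option, 'guard:') === false;
 })->map(function ($option) {
 return explode(':', $option)[1];
-})->first();
+});
 }
 }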
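Review bot: `extractGuards()` now returns the `Collection` produced by `->map()`, while the fallback branch in `assignRealValuesTo()` returns a plain array and the docblock above the method still says `@return string`. Either end the chain with `->values()->all();` so both branches hand back an array, or change the docblock to `@return \Illuminate\Support\Collection`. Separately, `explode(':', $option)[1]` yields an empty string for an option written as `guard:`, and as far as I know `Auth::guard('')` resolves the default guard, so a typo in a route definition would silently check a guard nobody named. Dropping empty names before returning, for example with `->filter()` after the `->map()`, leaves the loop in `authorization()` with nothing to check and the request is denied instead.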

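--- a/tests/Checkers/User/LaratrustUserCanCheckerTestCase.php
+++ b/tests/Checkers/User/LaratrustUserCanCheckerTestCase.php
@@ -7,7 +7,7 @@
 use Laratrust\Tests\LaratrustTestCase;
 use Laratrust\Tests\Models\Permission;
 
-class LaratrustUserCanCheckerTestCase extends LaratrustTestCase
+abstract class LaratrustUserCanCheckerTestCase extends LaratrustTestCase
 {
 protected $user;
 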

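--- a/tests/Middleware/LaratrustPermissionTest.php
+++ b/tests/Middleware/LaratrustPermissionTest.php
@@ -143,6 +143,59 @@ public function testHandle_IsLoggedInWithPermission_ShouldNotAbort()
 }, 'users-create|users-update', 'TeamA', 'guard:api|require_all'));
 }
 
+public function testHandle_IsLoggedInWithPermissionAndMultipleGuards_ShouldNotAbort()
+{
+/*
+|------------------------------------------------------------
+| Set
+|------------------------------------------------------------
+*/
+$guard2 = m::mock('Illuminate\Contracts\Auth\Guard');
+$user = m::mock('Laratrust\Tests\Models\User')->makePartial();
+$middleware = new LaratrustPermission($this->guard);
+
+/*
+|------------------------------------------------------------
+| Expectation
+|------------------------------------------------------------
+*/
+Auth::shouldReceive('guard')->with('api')->andReturn($this->guard);
+Auth::shouldReceive('guard')->with('web')->andReturn($guard2);
+$this->guard->shouldReceive('guest')->andReturn(true);
+$guard2->shouldReceive('guest')->andReturn(false);
+$guard2->shouldReceive('user')->andReturn($user);
+$user->shouldReceive('hasPermission')
+->with(
+['users-create', 'users-update'],
+m::anyOf(null, 'TeamA'),
+m::anyOf(true, false)
+)
+->andReturn(true);
+
+/*
+|------------------------------------------------------------
+| Assertion
+|------------------------------------------------------------
+*/
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'guard:api|guard:web'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'guard:api|guard:web|require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'TeamA', 'require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'users-create|users-update', 'TeamA', 'guard:api|guard:web|require_all'));
+}
+
 public function testHandle_IsLoggedInWithNoPermission_ShouldRedirectWithError()
 {
 /*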
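Review bot: The new multi-guard test covers only the allow path, where the second guard's user has the permission, so nothing pins the multi-guard deny path that this commit rewrote. Add a case here, and the matching one in `MiddlewareLaratrustAbilityTest`, where every listed guard is either a guest or returns a user whose `hasPermission`/`ability` is false, and assert that `handle()` aborts. That keeps a later refactor of the `foreach` from turning the fall-through into an allow. The `m::anyOf(true, false)` matcher for the last argument also means the `require_all` variants do not verify that the flag actually reaches `hasPermission`.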

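--- a/tests/Middleware/MiddlewareLaratrustAbilityTest.php
+++ b/tests/Middleware/MiddlewareLaratrustAbilityTest.php
@@ -143,4 +143,59 @@ public function testHandle_IsLoggedInWithAbility_ShouldNotAbort()
 $this->assertNull($middleware->handle($this->request, function () {
 }, 'admin|user', 'edit-users|update-users', 'TeamA', 'require_all|guard:api'));
 }
+
+
+public function testHandle_IsLoggedInWithAbilityAndMultipleGuards_ShouldNotAbort()
+{
+/*
+|------------------------------------------------------------
+| Set
+|------------------------------------------------------------
+*/
+$guard2 = m::mock('Illuminate\Contracts\Auth\Guard');
+$user = m::mock('Laratrust\Tests\Models\User')->makePartial();
+$middleware = new LaratrustAbility($this->guard);
+
+/*
+|------------------------------------------------------------
+| Expectation
+|------------------------------------------------------------
+*/
+Auth::shouldReceive('guard')->with('api')->andReturn($this->guard);
+Auth::shouldReceive('guard')->with('web')->andReturn($guard2);
+$this->guard->shouldReceive('guest')->andReturn(true);
+$guard2->shouldReceive('guest')->andReturn(false);
+$guard2->shouldReceive('user')->andReturn($user);
+$user->shouldReceive('ability')
+->with(
+['admin', 'user'],
+['edit-users', 'update-users'],
+m::anyOf(null, 'TeamA'),
+m::anyOf(['validate_all' => true], ['validate_all' => false])
+)
+->andReturn(true);
+
+/*
+|------------------------------------------------------------
+| Assertion
+|------------------------------------------------------------
+*/
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'guard:api|guard:web'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'guard:api|guard:web|require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'TeamA', 'require_all'));
+
+$this->assertNull($middleware->handle($this->request, function () {
+}, 'admin|user', 'edit-users|update-users', 'TeamA', 'require_all|guard:api|guard:web'));
+}
 }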
