Comments (13)
In general the CMS should have nothing to do with any roles or permissions. If you use the simple setup (the command line one) then it will potentially overwrite files and code to handle permissions etc. To access the CMS you need to have an auth setup to handle cms
it can be as simple as
Gate::define('cms', function ($user) {
return (bool) $user;
});
You'd have to customize this definition to work with Spatie's roles and permissions but to be honest I don't know them, and am not sure how you set roles to a user.
from cms.
In general the CMS should have nothing to do with any roles or permissions. If you use the simple setup (the command line one) then it will potentially overwrite files and code to handle permissions etc. To access the CMS you need to have an auth setup to handle
cms
it can be as simple asGate::define('cms', function ($user) { return (bool) $user; });
You'd have to customize this definition to work with Spatie's roles and permissions but to be honest I don't know them, and am not sure how you set roles to a user.
As I stated above, I used the complex setup, and thats why its so weird. Nothing was overwritten as far as I know. All that happens is that all the roles get loaded for a user on the homepage.
When installing cms it breaks the @hasanyrole
blade directive too it seems. I checked multiple times by uninstalling it and installing it to check.
from cms.
Right now I have figured out that this happens if permissions get checked inside a model scope before anywhere else. And when permissions get checked in the scope, the query is without the related user so all of the roles are loaded.
I will at a later date figure out what's up with that and give further feedback on it. As I still think that it is in someway related to CMS, It would be nice to leave this issue as is.
from cms.
Thanks @davisriska, I'll try adding the Spatie package to my test app and see if I can replicate this in the meanwhile.
from cms.
Have similar problem. Any update
from cms.
Have similar problem. Any update
Hey, for now you can try a fix I did -
I made a middleware that checks for a random permission, which in return loads in all the permissions for user and caches that.
`
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class PermissionBugFix {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next) {
Auth::user() && Auth::user()->can('manage users'); // This is a stupid fix for a stupid bug
return $next($request);
}
}
`
Change the can part with a permission you have.
from cms.
Have problem where @can etc. Not getting picked up in blade also. Will this resolve this issue also
from cms.
Have problem where @can etc. Not getting picked up in blade also. Will this resolve this issue also
No, sadly that won't fix it.
You should be able to use @can
tho. I couldn't use the @hasRole
blade specifically.
from cms.
This is a real serious security risk. Won't be using grafite at the moment.
from cms.
Hey @davisriska could you remove the 'cms-language', 'cms-analytics'
from the cms routes? I think I found the issue with the Blade directives that I can fix but I'm wondering if those middlewares are breaking things @capricorn05 how about you?
from cms.
@mlantz Well, I tried removing the middleware ('cms-language', 'cms-analytics'
), it didnt fix the role/permission issue and it didn't fix the blade template problem either.
from cms.
So I've spent nearly a full day debugging this, or at least attempting to and I discovered this link spatie/laravel-permission#278 it looks like other people had issues with things related to Blade, as did other packages. Based on thorough testing I'm unable to resolve what the root issue is.
I was able to get a user and their roles and permissions in a fresh build of an app with the CMS, but I wasn't able to get the Blade
components of the permissions package to work correctly with the CMS either. I'll make a note in the documentation, about the spate/laravel-permissions
package.
That being said, the CMS package works fine with the core auth components and the standard blade components of @can
and other authorization elements of the Laravel Framework. The fact that its doesn't play well with a third party auth component doesn't incure that the CMS package itself is a security risk, its simply a concern if you're using spatie/laravel-permissions
.
from cms.
Thanks for your time and input @mlantz!
from cms.
Related Issues (20)
- Blog::getHeroImageURLAttribute () has an uused value HOT 1
- npm install fails to run on clean install HOT 1
- How to pull in faq items from the faq module in a custom template HOT 3
- Postgresql HOT 1
- [QUESTION] Can I add custom admin theme? HOT 1
- Remove Module HOT 1
- multi language does not run : language always 'en' HOT 1
- Multilanguage does not work on menu links HOT 4
- Can not create Page, Blog, Menu etc. HOT 3
- Whoops\Exception\ErrorException : Trait 'App\Servcies\Traits\HasRoles' not found HOT 2
- Using Sentinel HOT 1
- LogicException : Key path does not exist or is not readable HOT 1
- Adding Menu Items to Admin Panel HOT 1
- Viewing HTML in the Redactor editor causes scroll bug [Chrome/Opera]. HOT 1
- Issues with using laravels default pagination
- Demo site : cannot login
- Problem with showing a page
- Laravel 5.8 not suported HOT 6
- We were unable to generate your profile, please try again later(Exception).
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cms.