[SOLVED] Shield getPermissions returns an empty array

I'm using the following spark command to create three default users for testing purposes:

PHP Code:

<?php

namespace App\Commands;

use CodeIgniter\CLI\BaseCommand;
use CodeIgniter\CLI\CLI;

use CodeIgniter\Shield\Entities\User;

class SettingsCommand extends BaseCommand
{
    protected $group = 'Setup';

    protected $name = 'setup:initial';

    protected $description = 'Initializes assorted defaults';

    protected $usage = 'setup:initial';

    public function run(array $params)
    {

    helper('setting');

 setting('Auth.allowRegistration', false);

 $this->registerUser([
 'username' => 'admin',
 'email' => '[email protected]',
 'password' => 'omgapassword',
 ], 'superadmin');

 $this->registerUser([
 'name_first' => 'JANE',
 'name_last' => 'DOE',
 'title_job' => 'Big Boss',
 'username' => 'boss',
 'email' => '[email protected]',
 'password' => 'omgapassword',
 ], 'admin');

 $this->registerUser([
 'name_first' => 'Jane',
 'name_last' => 'Doe',
 'title_job' => 'Little Cog',
 'username' => 'user',
 'email' => '[email protected]',
 'password' => 'omgapassword',
 ], 'user');
    }

    private function registerUser($data, $group)
    {
    $users = auth()->getProvider();
 $user = new User($data);
 $users->save($user);
 $user = $users->findById($users->getInsertID());
 $user->syncGroups($group);
    }
} 


After successful login, I land on my homepage which issues:

PHP Code:

print_r(auth()->user()->getPermissions()); 


However, the output is an empty array. Shouldn't this be an array with all the default permissions for shield for the particular group type of the user (I realize that the user group is empty, I'm getting the same result for admin and superadmin)? I'm also using a custom UserModel class that provides the extra fields: name_first, name_last, title_job

Same issue as described in this post.

Halberd | CodeIgniter Sandbox

Permissions vary by Groups.

Your command creates the user with the desired group.
Therefore, you can use the following command to access the user group.

PHP Code:

print_r(auth()->user()->getGroups()); 


If you want to access permissions, you must first add permissions for each user. In this command, you have not added permission for the user, so an empty array is returned.

see https://codeigniter4.github.io/shield/au...permission

shield-oauth | CodeIgniter SMS Rocket | CodeIgniter DEA Rule

It's my understanding that the AuthGroups configuration file provides a default set of permissions for the groups under the matrix property. So shouldn't those permissions be returned?

Halberd | CodeIgniter Sandbox

Using matrix is useful for checking access permissions with method can().

So if the user is in group superadmin and the permission is not registered in table
auth_permissions_users for it.

And you have AuthGroups.php settings as follows.

PHP Code:

    
public array $matrix = [
        'superadmin' => [
            'admin.access',
        ],
]; 


You will get output yes. Even though the user is not registered for permissions(admin.access).

PHP Code:

    
        if ($user->can('admin.access')) {
            echo 'yes!!';
        } 


At least that's my impression. And I don't know anything more than that.

shield-oauth | CodeIgniter SMS Rocket | CodeIgniter DEA Rule

getPermissions()
Returns all permissions this user has assigned directly to them.
https://codeigniter4.github.io/shield/au...ermissions

That is, getPermissions() returns only user-level permissions.

The $matrix defines group-level permissions.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

@datamweb and @kenjis thank you both very much for explaining the nuance, that wasn't immediately apparent to me when I read through the documentation.

Halberd | CodeIgniter Sandbox

I sent a PR to improve the docs:
https://github.com/codeigniter4/shield/pull/714

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper