Welcome Guest, Not a member yet? Register   Sign In
[SOLVED] Shield getPermissions returns an empty array
#1

(This post was last modified: 04-22-2023, 08:22 AM by grimpirate.)

I'm using the following spark command to create three default users for testing purposes:
PHP Code:
<?php

namespace App\Commands;

use 
CodeIgniter\CLI\BaseCommand;
use 
CodeIgniter\CLI\CLI;

use 
CodeIgniter\Shield\Entities\User;

class 
SettingsCommand extends BaseCommand
{
    protected $group 'Setup';

    protected $name 'setup:initial';

    protected $description 'Initializes assorted defaults';

    protected $usage 'setup:initial';

    public function run(array $params)
    {

    helper('setting');

 
setting('Auth.allowRegistration'false);

 
$this->registerUser([
 
'username' => 'admin',
 
'email' => '[email protected]',
 
'password' => 'omgapassword',
 ], 
'superadmin');

 
$this->registerUser([
 
'name_first' => 'JANE',
 
'name_last' => 'DOE',
 
'title_job' => 'Big Boss',
 
'username' => 'boss',
 
'email' => '[email protected]',
 
'password' => 'omgapassword',
 ], 
'admin');

 
$this->registerUser([
 
'name_first' => 'Jane',
 
'name_last' => 'Doe',
 
'title_job' => 'Little Cog',
 
'username' => 'user',
 
'email' => '[email protected]',
 
'password' => 'omgapassword',
 ], 
'user');
    }

    private function registerUser($data$group)
    {
    $users auth()->getProvider();
 
$user = new User($data);
 
$users->save($user);
 
$user $users->findById($users->getInsertID());
 
$user->syncGroups($group);
    }

After successful login, I land on my homepage which issues:
PHP Code:
print_r(auth()->user()->getPermissions()); 
However, the output is an empty array. Shouldn't this be an array with all the default permissions for shield for the particular group type of the user (I realize that the user group is empty, I'm getting the same result for admin and superadmin)? I'm also using a custom UserModel class that provides the extra fields: name_first, name_last, title_job

Same issue as described in this post.
Reply
#2

Permissions vary by Groups.

Your command creates the user with the desired group.
Therefore, you can use the following command to access the user group.

PHP Code:
print_r(auth()->user()->getGroups()); 

If you want to access permissions, you must first add permissions for each user. In this command, you have not added permission for the user, so an empty array is returned.

see https://codeigniter4.github.io/shield/au...permission
Reply
#3

(This post was last modified: 04-21-2023, 01:10 PM by grimpirate.)

It's my understanding that the AuthGroups configuration file provides a default set of permissions for the groups under the matrix property. So shouldn't those permissions be returned?
Reply
#4

(This post was last modified: 04-21-2023, 02:00 PM by datamweb.)

Using matrix is useful for checking access permissions with method can().

So if the user is in group superadmin and the permission is not registered in table
auth_permissions_users for it.

And you have AuthGroups.php settings as follows.
PHP Code:
    
public array $matrix = [
        'superadmin' => [
            'admin.access',
        ],
]; 

You will get output yes. Even though the user is not registered for permissions(admin.access).
PHP Code:
    
        
if ($user->can('admin.access')) {
            echo 'yes!!';
        



At least that's my impression. And I don't know anything more than that.
Reply
#5

(This post was last modified: 04-21-2023, 07:15 PM by kenjis.)

Quote:getPermissions()
Returns all permissions this user has assigned directly to them.
https://codeigniter4.github.io/shield/au...ermissions

That is, getPermissions() returns only user-level permissions.

The $matrix defines group-level permissions.
Reply
#6

@datamweb and @kenjis thank you both very much for explaining the nuance, that wasn't immediately apparent to me when I read through the documentation.
Reply
#7

I sent a PR to improve the docs:
https://github.com/codeigniter4/shield/pull/714
Reply




Theme © iAndrew 2016 - Forum software by © MyBB