Sharing middleware permission check fails for the duplicate, works for the original



  • I have a module for Teammembers (basically staff of locations, not users)

    The Teammembers have have a type (Doctor, Technician, etc) which I built in as an Entity after the fact.

    For permissions it made sense to me that if a User can 'index' Teammembers, then they can index MemberTypes... if they can create a member they can create a member type... etc.

    When I use the same Middleware for the type index route as the member index route, permissions check fails on the type route, but passes for the member route.

    backendRoutes.php

        //This one works
        $router->get('teammembers', [
            'as' => 'admin.teammember.teammember.index',
            'uses' => 'TeammemberController0',
            'middleware' => 'can:teammember.teammembers.index'
        ]);
    
        //This one fails permission
        $router->get('teammember/types', [
            'as' => 'admin.teammember.membertype.index',
            'uses' => 'MemberTypeController0',
            'middleware' => 'can:teammember.teammembers.index'
        ]);
    

    Error Message returned on screen is:
    Permission denied. (required permission: "teammember.teammember.index")

    The thing I notice is that the route failing has teammember singular in the path, and the permissions check returns it singular as well even though the middleware has it plural.

    Am I using this wrong? Is it possible to share the permissions like this?



  • It looks like the middleware value set in these routes isn't being used at all.... Am I wrong? Everything runs through a check that parses the controller/function names and uses that to build a permissions string to check against.

    I guess the solution is every entity needs to have permissions set on it.

    Does the middleware definition in these routes do anything?



  • Upgrading to version 2 resolved this issue for me


  • admin

    Indeed this only works in version 2.


Log in to reply
 

Looks like your connection to AsgardCms was lost, please wait while we try to reconnect.