Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid loss of all permissions/roles pivots on sync error #2341

Merged
merged 1 commit into from
Mar 16, 2023
Merged

Avoid loss of all permissions/roles pivots on sync error #2341

merged 1 commit into from
Mar 16, 2023

Conversation

erikn69
Copy link
Contributor

@erikn69 erikn69 commented Mar 1, 2023
edited

Closes #2339

Describe the bug
When using the syncPermissions function from the HasPermissions trait, providing an accidental wrongly named permission will result in loss of all permissions. This is caused by the fact that syncPermissions eagerly removes all existing permissions.

Steps to reproduce the behavior:
Create a model that uses the HasPermissions trait
Assign some valid permissions to the model
Use the syncPermissions helper, with a combination of any number of valid permissions and at least one invalid permission
Result: all permissions will be lost on the user

Example Test
Here is a link to my Github repo containing a minimal Laravel application which shows my problem:
main...jnoordsij:spatie-laravel-permission:permission-sync-fail

@erikn69 erikn69 mentioned this pull request Mar 1, 2023
Closed
@erikn69 erikn69 force-pushed the patch-2 branch 3 times, most recently from e8de9c3 to 638045d Compare March 6, 2023 18:02
@erikn69 erikn69 force-pushed the patch-2 branch 5 times, most recently from d341e28 to 93e8ac4 Compare March 7, 2023 19:48
drbyte
drbyte reviewed Mar 16, 2023
View reviewed changes
src/Traits/HasPermissions.php
*/
public function collectPermissions(...$permissions)
private function collectPermissions(...$permissions): array
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: in #2182 when this collectPermissions() method was created, it was created by @angeljqv as public, but probably should have been private.
It was released in v5.5.7.

Since it's a breaking change, albeit highly unlikely to affect anyone, we won't backport this to v5.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, i did test it, it works correctly for me, seems the right way

@drbyte
Copy link
Collaborator

drbyte commented Mar 16, 2023

Thanks @erikn69 !

@drbyte drbyte merged commit 70a2fdb into spatie:main Mar 16, 2023
@erikn69 erikn69 deleted the patch-2 branch March 21, 2023 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drbyte drbyte drbyte left review comments

@angeljqv angeljqv angeljqv left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Syncing an incorrect permission results in loss of all permissions
3 participants
@erikn69 @drbyte @angeljqv