Issues with Roles and permissions

srinivas214 - 3 weeks ago

Hi Team, We created a new role, assigned it permissions to the posts module only, and created users as well. When a user tries to log in, we observe a 403 page and the URL is example.com/admin. We tried to access the posts URL directly and it works fine, but after login the 403 page appears.

Observation

In AuthorizeModuleAccess, the code below checks for the active module, and only the user module is in active status, which is causing the issue. (If the user has access to the user module, there are no issues.)

    public function handle(Request $request, Closure $next)
    {
        if ($request->segment(1) !== 'admin' || in_array($request->path(), ['admin/login', 'admin/logout'])) {
            return $next($request);
        }

        $module = $this->modules->active();

        if ($module && !$this->authorizer->authorize($module->getNamespace('*'))) {
            abort(403);
        }

        return $next($request);
    }

piterden - 3 weeks ago

So what do you think about this?

    /**
     * Check the authorization of module access.
     *
     * @param  Request  $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        if ($request->segment(1) !== 'admin' || in_array($request->path(), ['admin/login', 'admin/logout'])) {
            return $next($request);
        }

        $module = $this->modules->active();

        if ($module && !$this->authorizer->authorize($module->getNamespace('*'))) {
            if ($module = $this->modules->accessible()->first()) {
                // Return the response; a bare redirect() call is discarded and abort(403) still runs.
                return redirect('admin/'.$module->getSlug());
            }

            abort(403);
        }

        return $next($request);
    }

UPD Sorry, linter broken since yesterday)) Fixed

UPD2

    /**
     * Check the authorization of module access.
     *
     * @param  Request  $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        if ($request->segment(1) !== 'admin' || in_array($request->path(), ['admin/login', 'admin/logout'])) {
            return $next($request);
        }

        $module = $this->modules->active();

        if ($module && !$this->authorizer->authorize($module->getNamespace('*'))) {
            if ($module = $this->modules->accessible()->first()) {
                // Return the response; a bare redirect() call is discarded and abort(403) still runs.
                return redirect('admin/'.$module->getSlug());
            }

            abort(403);
        }

        return $next($request);
    }

ryanthompson - 3 weeks ago

The very first permission listed in the permissions list is Control Panel Access which means "Can they be in the /admin/* at all?"
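
The decision the middleware in this thread has to make, written out as a plain PHP function. This is an added example, not part of any post above and not the project's own code: `decideAdminAccess`, the `<module>::*` permission strings and the sample modules and requests are all constructed for illustration.

```php
<?php
// Added illustration: every name here is hypothetical, and the permission
// strings and sample requests are constructed, not taken from the project.

/**
 * Decide what an admin-area middleware should do for one request.
 * Returns ['pass'], ['redirect', '/admin/<slug>'] or ['deny', 403].
 */
function decideAdminAccess(string $path, ?string $activeModule, array $userPermissions, array $installedModules): array
{
    $path = trim($path, '/');
    $segments = explode('/', $path);

    // Outside the control panel, or on the login/logout endpoints: nothing to check.
    if ($segments[0] !== 'admin' || in_array($path, ['admin/login', 'admin/logout'], true)) {
        return ['pass'];
    }

    $can = fn (string $module): bool => in_array($module . '::*', $userPermissions, true);

    // No module resolved for this request, or the user may use the resolved one.
    if ($activeModule === null || $can($activeModule)) {
        return ['pass'];
    }

    // Fallback: send the user to the first module they are allowed to use.
    foreach ($installedModules as $module) {
        if ($can($module)) {
            // Returned immediately, so the deny below is never reached.
            return ['redirect', '/admin/' . $module];
        }
    }

    // Default deny: the user has no accessible module at all.
    return ['deny', 403];
}

$modules = ['users', 'posts', 'files'];       // constructed install order
$cases = [
    ['admin',       'users', ['posts::*']],   // the situation reported in the thread
    ['admin/posts', 'posts', ['posts::*']],   // direct URL to the permitted module
    ['admin',       'users', []],             // no module permissions at all
    ['admin/login', null,    []],             // exempt endpoint
    ['blog/hello',  null,    []],             // outside the admin area
];
foreach ($cases as [$path, $active, $perms]) {
    echo str_pad($path, 12), ' => ', implode(' ', decideAdminAccess($path, $active, $perms, $modules)), PHP_EOL;
}
```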