Extended User's Role not Finding Permissions

[Finleth]

Hello all,

I've got an issue when I try to get the user's permissions from the User class. I have a User model which extends the Authenticatable and uses the HasRoles trait as per the documentation. There are no guards set in this class and the default is web in the auth config which is correct.

I've got a database seeder which will create two roles ("Administrator" and "Editor") and some permissions that get assigned to the roles. We also create a couple test users and assign them those roles so we have an admin user and an editor user.

When using the User class (via Auth::user()) I can call any of the role methods like hasRole and I will get the expected results. I can also access the roles property and it returns the role of the user.

My issue arrives when I try to use any of the Permission methods like getAllPermissions. It returns empty and the hasPermissionTo will return false when checking the permission of the Auth::user().

I know actual code is always helpful to see but I'm not sure which files would be the most useful to display without displaying a whole ton of them so I'll wait for feedback and see what files you would like me to display.

Now onto what I've looked into and my findings so far.

First, when I pull a role from the instance of our Role model (which extends the Spatie model Role) and check the permissions property it returns the full list of permissions associated with that role as expected. So there doesn't seem to be an issue with the association between roles and permissions.

$editorRole = Role::findByName('Editor');
$editorPermissions = $editorRole->permissions;

$roleFromUser = Auth::user()->roles;
$permissionsFromUser = Auth::user()->getAllPermissions();

The above gives the following:

$editorRole // "Editor" role instance
$editorPermissions // Collection of all 7 of the permissions I've assigned to the editor role

$roleFromUser // Collection containing the editor role
$permissionsFromUser // empty Collection

I've also been using the permission middleware (which is my end goal) and it always returns as User does not have the right permissions.. If I add the additional exception display, it says the user doesn't have the permission which I triple checked and they do in fact have that permission based off of their role.

Bonus: I've also reset all my caches both when doing a fresh seeding as well as with the php artisan command.

Any ideas or thoughts on what the cause could be? I'm newer to both Laravel and Spatie so I'm not too sure where to look next. It seems that the permissions aren't mapping through the user's role but I don't understand why this would be the case when they do map through the Role model itself.

[drbyte]

This is expected behavior.

Roles have permissions; users with those roles gain access to those permissions indirectly.
(for "direct" permissions, where the User has a permission that the role doesn't grant, you can use the the ->permissions property)

If you wish to check for permissions via roles, use the can() or @can features of Laravel.
The permission middleware does use user->can() so should find it properly.

[Finleth]

Even the can() method isn't returning that the user can access the permissions via their role. And as mentioned previously, when I use the permission middleware, it too returns that the user doesn't have the permission:

protected $routeMiddleware = [
    // ...
    'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
    // ...
];

Since Spatie doesn't handle the can functionality directly I'm thinking maybe something is up with the way I'm using these permissions that I don't realize is causing the can to not behave properly. I'll continue looking into this.

[drbyte]

Can you create a fresh app in a public repo with the bare minimum of code required to recreate this problem?
Preferably building it by making multiple commits which explain each thing you've put into the app.

The process of creating a new app to demonstrate the problem often helps expose the reason behind the problem. :)

[Finleth]

Before I do that, I have a question on how the $permission->roles property gets set on the Spatie\Permission\Models\Permission model.

I was tracing a call to the Auth::user()->hasPermissionTo() and found that the permission is pulled correctly but when the hasPermissionTo method returns the check for hasPermissionViaRole the passed $permission object doesn't have any $permission->roles value set.

I completely agree that trying to recreate the problem often helps to debug so I'll see what I can do to try to replicate it. I've watched some tutorials on others setting this up from scratch with it working and I'm wondering if there's a possible disconnect since we're using UUIDs and we have Role/Permission models that extend the Spatie Models. I looked through those and everything seemed to be working but I'm still not 100% sure either way.

[Finleth]

I finally found the issue!

Turns out in the config/permission.php we had the model references pointing to the Spatie model classes and not our models (which extended the Spatie models). I thought I had fixed this earlier when I found it but I didn't realize I hadn't cleared the cache after updating those references.

I'm surprised that more didn't break considering the configuration was pointing to that class and not our own models. Our classes only updating the primary ID to use UUIDs so I guess it was similar enough to the parent class that it only broke when trying to get the roles property on the Permission model.

Thanks for your help @drbyte!