[5.7] Authorize Middleware Doesn't Accept String Parameters #25763
Conversation
damiankloip
force-pushed
the
authorize-middleware-string-params
branch
from
868afcb to
ee642c7
Compare
damiankloip
force-pushed
the
authorize-middleware-string-params
branch
from
ee642c7 to
73168c9
Compare
damiankloip
changed the title
damiankloip
changed the title
| @@ -86,6 +86,24 @@ public function testSimpleAbilityAuthorized() | |||
| $this->assertEquals($response->content(), 'success'); | |||
| } | |||
|
|
|||
| public function testSimpleAbilityWithStringParameter() | |||
There was a problem hiding this comment.
Could you add test like:
- The route has parameter
document - You pass the value
documentforsome_value
There was a problem hiding this comment.
Thanks @TBlindaruk - do you mean like 2aa094d ? So we pass a parameter, get that back and is available in the ability callback.
There was a problem hiding this comment.
yes, like this, but I`m not sure if it is good behavior
There was a problem hiding this comment.
This behaviour already exists though? If you had a parameter on the route, the existing code calling route() would already return this anyway. The new test method added doesn't really test the change with the default value but the current logic.
|
|
||
| $response = $this->router->dispatch(Request::create('dashboard', 'GET')); | ||
|
|
||
| $this->assertEquals($response->content(), 'success'); |
There was a problem hiding this comment.
I guess this is actually the other way round ;-)
$this->assertEquals('success', $response->content());
There was a problem hiding this comment.
Happy to change this, every other assertion like this in the file is $this->assertEquals($response->content(), 'success') though.
|
|
||
| $response = $this->router->dispatch(Request::create('dashboard/true', 'GET')); | ||
|
|
||
| $this->assertEquals($response->content(), 'success'); |
|
This change broke our code. We had something like this: and on our Policy: And then when someone accessed the second rout the forum parameter would be null and now it becomes a string |
When using authorization gates, they can be used with arbitrary parameters that aren't necessarily models. E.g.
In blade templates:
And, as middleware via
authorizein controllers:However, when trying to do that at the route middleware level, the
Authorizemiddleware always assumes the parameter will be a model. So it's not possible to do the following:This breaks currently as
getGateArguments(and thengetModel) assumes the parameter will be a model (or class name) and tries to resolve it from route parameters as so. So the above example would be turned into an array of arguments like[null]instead.This can be solved quite simply by passing the
$modelvalue as the default value to theroute()call.It doesn't seem like this should cause any existing breakage, as it currently returns an array of null values in this case. Tests also don't fail with the change - only with the new test case added here (before the fix). This also makes the behaviour more consist across all usage.