
Laravel: Sentry permissions not working properly


I have got the following in my sentry seeder:

<?php

use App\Models\User;

class SentrySeeder extends Seeder {

    public function run()
    {
        DB::table('users')->delete();
        DB::table('groups')->delete();
        DB::table('users_groups')->delete();

        Sentry::getUserProvider()->create(array(
            'email'       => '[email protected]',
            'password'    => "[email protected]",
            'first_name'  => 'Kamran',
            'last_name'   => 'Ahmed',
            'activated'   => 1,
        ));

        Sentry::getUserProvider()->create(array(
            'email'       => '[email protected]',
            'password'    => "[email protected]",
            'first_name'  => 'New',
            'last_name'   => 'User',
            'activated'   => 1,
        ));

        Sentry::getGroupProvider()->create(array(
            'name'        => 'Admin',
            'permissions' => array(
                'blog' => 1
            ),
        ));

        Sentry::getGroupProvider()->create(array(
            'name'        => 'Blogger',
            'permissions' => array(
                'blog.add' => 1,
                'blog.update' => 1,
                'blog.trash' => 1,
                'blog.remove' => 1
            ),
        ));

        // Assign user permissions
        $adminUser  = Sentry::getUserProvider()->findByLogin('[email protected]');
        $adminGroup = Sentry::getGroupProvider()->findByName('Admin');

        $normalUser  = Sentry::getUserProvider()->findByLogin('[email protected]');
        $normalGroup = Sentry::getGroupProvider()->findByName('Blogger');

        $adminUser->addGroup($adminGroup);
    }

}

As you can see, I have defined two groups, Admin and Blogger. Admin has all the permissions defined by blog, while Blogger has only blog.add, blog.update, blog.trash and blog.remove. In my post view, I have got a button called Delete Permanently, for which I have used the permission blog.remove. I want to show this button only if Sentry::getUser()->hasAnyAccess(array('blog', 'blog.remove')):

@if (Sentry::getUser()->hasAnyAccess(array('blog', 'blog.remove')))
    <a class="btn btn-danger" href="{{URL::to('post/delete/' . $post->id)}}">Delete Permanently</a>
@endif

Now when I log in using [email protected], it works fine, that is, the remove button is shown as expected, because the admin has access to the blog permission. But when I log in using [email protected], the button is not shown. What is the reason that the button is not being shown although I have assigned the permission of blog.remove to [email protected]? Also, I did a var_dump(..) and it returns false. Can anyone please tell me what's wrong with my implementation? Why is the removal button not being shown for the [email protected] user?


Solution

  • In your seeder you are not assigning the user to the Blogger group.

    $normalUser->addGroup($normalGroup);
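
A post-seed check that catches this kind of omission, as an added example that is not part of the original question or answer: it reports seeded users who belong to no group or whose merged permissions lack a permission they are expected to have. The function name `checkSeededPermissions` and the two logins are assumptions (constructed placeholders for the addresses used in the seeder); it is meant to run inside the Laravel 4 application, for instance at the end of `SentrySeeder::run()`.

```php
<?php
// Added example, not from the original post. Requires the Sentry facade,
// so run it inside the Laravel 4 app after the seeder has created its rows.

/**
 * Return a list of problems: users that were not seeded, users with no
 * group, and users whose merged permissions do not grant an expected one.
 */
function checkSeededPermissions(array $expected)
{
    $problems = array();

    foreach ($expected as $login => $permissions) {
        try {
            $user = Sentry::getUserProvider()->findByLogin($login);
        } catch (\Cartalyst\Sentry\Users\UserNotFoundException $e) {
            $problems[] = "$login: user was not seeded";
            continue;
        }

        // A user inherits group permissions only after addGroup() was called.
        $groupNames = array();
        foreach ($user->getGroups() as $group) {
            $groupNames[] = $group->getName();
        }
        if (count($groupNames) === 0) {
            $problems[] = "$login: not a member of any group";
        }

        foreach ($permissions as $permission) {
            if (! $user->hasAccess($permission)) {
                $problems[] = "$login: missing '$permission' (groups: "
                    . implode(', ', $groupNames) . ")";
            }
        }
    }

    return $problems;
}

// Constructed placeholder logins; substitute the addresses from the seeder.
$problems = checkSeededPermissions(array(
    'admin@example.test'   => array('blog'),
    'blogger@example.test' => array('blog.remove'),
));

if ($problems) {
    throw new RuntimeException("Seed check failed:\n" . implode("\n", $problems));
}
```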