问题
I'm working full time on an application for 2 years. I encounter this bug regularily, let's say every couple months, but never manage to fix it in a reliable way because it just disappears and I never get to find the "why".
So, here it is again, and I have no clue why and how to fix it. This time, I'm writing something so I'll have a page to favorite for the next time.
Here is the bug:
If I make any change to a policy method, for instance in app/Policies/UserPolicy, the change is not taken into account when using @can in a blade or $user->can in a php file. I can introduce a die
in the policy, a Log::debug('something')
or even a return false
at the very start of the function, but nope, still returning true.
Here is a code sample:
File : app/Policies/UserPolicy
public function deleteUser(User $user, User $target)
{
return false;
if ($user->id === $target->id) {
return false;
}
// [...]
}
Here is the code testing, it returns true, whatever I do in the policy code:
$me = Auth::user();
dd($me->can('deleteUser', $me));
Originally this example should return false, but it's returning true and I don't know why. Modifying the code does not change a thing, it's like there is a cache that nothing can clear. I've tried all the cache clearing commands I know:
- php artisan cache:clear
- php artisan config:clear
- php artisan view:clear
- php artisan clear-compiled
- composer dump-autoload
Even restarted apache, and so on... I checked php.ini, I don't have OPCache enabled (line commented, but I tried with OPcache.enabled=0 too, no changes).
Maybe the reason is elsewhere but I don't know where to look. As I said, this bug usually disappear by itself without leaving me the time to find the cause.
Other way to reproduce the bug
In a blade, if I write:
@can('deleteUser', $user)
CAN
@endcan
It always display CAN. If I rename the function in the policy file to deleteUserr for instance, nothing changes (still returns true). However, if I change the blade code to @can('deleteUserr', $user)
then I don't have the "CAN" displayed, as this function is not found and the result for unfound rule is alwways false.
Environment
WSL (Ubuntu 18.04, apache 2.4.29, php 7.2.19), Laravel 6.0.3
Thanks for any help !
EDIT / SOLVED : found the culprit !
It is a bad interaction with the composer package spatie/laravel-permission
.
I have a spatie permission that is name "deleteUser" and is granted. The package has probably overloaded the "->can" method and now checks first in its permissions mechanism before going on the policy route. So my UserPolicy@deleteUser is simply ignored.
回答1:
Here is the reason I found:
It is a bad interaction with the composer package spatie/laravel-permission.
I have a spatie permission that is name "deleteUser" and is granted. The package has probably overloaded the "->can" method and now checks first in its permissions mechanism before going on the policy route.
As the permission "deleteUser" is granted, the UserPolicy@deleteUser is simply ignored.
来源:https://stackoverflow.com/questions/58398835/laravel-policies-code-change-is-ignored-is-there-any-policy-cache-to-clear