
Mazsuu

Laravel Permissions and Roles with Gate/Can

At the moment I am doing a tutorial called "Roles and Permissions in Laravel" from codecourse.com.

In part 4 of the tutorial I have the problem that I get the result true every time. If I ask for the permission "edit posts" it should show me true; if I ask for the permission "delete posts" it should show me false.

I checked the database relationship, but there is no relationship between the user and the permission "delete posts".

Only if I ask for a permission that does not exist, like "blabla" (I mean it does not exist in the database), do I get false.

I believe it is only checking whether there is a permission with this name, and not checking whether the user has the permission.

web.php <----------------------------------------------------------------------------------------

Route::get('/', function (\Illuminate\Http\Request $request) {
    $user = $request->user();

    dump($user->can("delete posts"));
});

HasPermissionTrait.php <---------------------------------------------------------------------

trait HasPermissionsTrait {

public function hasRole(...$roles)
{
    foreach ($roles as $role) {
        if ($this->roles->contains('name', $role)) {
            return true;
        }
    }

    return false;
}

public function hasPermissionTo($permission) {
    //Check has permission through role

    return $this->hasPermission($permission);
}

protected function hasPermission($permission) {
    return (bool) $this->permissions->where('name', $permission->name);
}

public function roles() {
    return $this->belongsToMany(Role::class, 'users_roles');
}

public function permissions() {
    return $this->belongsToMany(Permission::class, 'users_permissions');
}

}

PermissionsServiceProvider.php <------------------------------------------------------------

public function boot()
{
    Permission::get()->map(function ($permission) {
        Gate::define($permission->name, function ($user) use ($permission) {
            return $user->hasPermissionTo($permission);
        });
    });
}

/**
 * Register the application services.
 *
 * @return void
 */
public function register()
{
    //
}

You can see my full code here -> https://github.com/RahmanG/joko

In this image you can see the Auth. There is no permission "delete posts". But you can see the Gate is giving true.

https://imgur.com/a/gf923

Thank you for your support

0 likes
3 replies
tykus
Best Answer

Looks like your trait might have a mistake:

protected function hasPermission($permission) {
    return (boolean) $this->permissions->where('name', $permission->name);
}

$this->permissions->where('name', $permission->name) returns a Builder instance, and an object cast to a boolean always is true.

You probably need to return a count or first - something that would be falsey if there was no permission, e.g.

protected function hasPermission($permission) {
    return (boolean) $this->permissions->where('name', $permission->name)->count();
}
2 likes
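
The failure mode discussed above, shown as an added example (not code from the thread, the tutorial or Laravel): the cast-based check grants every permission that is defined, while a check that returns a real boolean denies the one the user does not hold. `PermissionList`, `hasPermissionBuggy` and `hasPermissionFixed` are hypothetical names; `contains('name', ...)` mirrors the collection call already used in the question's `hasRole()`.

```php
<?php
// PermissionList is a hypothetical stand-in for the Collection in $user->permissions.
final class PermissionList
{
    public function __construct(private array $items = []) {}

    // Like Collection::where(): always returns an object, even with no match.
    public function where(string $key, string $value): self
    {
        return new self(array_values(array_filter(
            $this->items,
            fn (object $item): bool => $item->$key === $value
        )));
    }

    // Like Collection::contains($key, $value): returns a real boolean.
    public function contains(string $key, string $value): bool
    {
        return count($this->where($key, $value)->items) > 0;
    }
}

// The check from the question: an object cast to bool is always true.
function hasPermissionBuggy(PermissionList $granted, object $permission): bool
{
    return (bool) $granted->where('name', $permission->name);
}

// Fixed check: true only when the user actually holds the permission.
function hasPermissionFixed(PermissionList $granted, object $permission): bool
{
    return $granted->contains('name', $permission->name);
}

// Constructed data: the user holds "edit posts" only; "delete posts" is a
// defined permission that is not attached to this user.
$granted = new PermissionList([(object) ['name' => 'edit posts']]);
foreach (['edit posts', 'delete posts'] as $name) {
    $p = (object) ['name' => $name];
    $buggy = var_export(hasPermissionBuggy($granted, $p), true);
    $fixed = var_export(hasPermissionFixed($granted, $p), true);
    echo "$name: buggy=$buggy fixed=$fixed\n";
}
// Regression check: a defined but ungranted permission must be denied.
if (hasPermissionFixed($granted, (object) ['name' => 'delete posts'])) {
    throw new LogicException('permission check grants an ungranted permission');
}
```

A test for a gate like this needs a negative case (a permission that exists but is not granted), since a check that only ever sees granted permissions passes with either version.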
Mazsuu

Thank you, Tykus. You saved my life. For two days no sleep, and all the time the same question: "why is this shit not working"
