[4.x] Fix: GateWatcher shows allowed when it is denied via Response c…

…lass (#1010) * fix: GateWatcher saves denied response as allowed * tests for gatewatcher changes
laravel · Feb 8, 2021 · 05d0fbf · 05d0fbf
1 parent c21b0e3
commit 05d0fbf
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 7 deletions.
diff --git a/src/Watchers/GateWatcher.php b/src/Watchers/GateWatcher.php
@@ -2,6 +2,7 @@
 
 namespace Laravel\Telescope\Watchers;
 
+use Illuminate\Auth\Access\Response;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Facades\Gate;
@@ -44,7 +45,7 @@ public function recordGateCheck(?Authenticatable $user, $ability, $result, $argu
 
         Telescope::recordGate(IncomingEntry::make([
             'ability' => $ability,
-            'result' => $result ? 'allowed' : 'denied',
+            'result' => $this->gateResult($result),
             'arguments' => $this->formatArguments($arguments),
             'file' => $caller['file'],
             'line' => $caller['line'],
@@ -64,6 +65,21 @@ private function shouldIgnore($ability)
         return Str::is($this->options['ignore_abilities'] ?? [], $ability);
     }
 
+    /**
+     * Determine if the gate result is denied or allowed.
+     *
+     * @param  bool|\Illuminate\Auth\Access\Response  $result
+     * @return string
+     */
+    private function gateResult($result)
+    {
+        if ($result instanceof Response) {
+            return $result->allowed() ? 'allowed' : 'denied';
+        }
+
+        return $result ? 'allowed' : 'denied';
+    }
+
     /**
      * Format the given arguments.
      *

diff --git a/tests/Watchers/GateWatcherTest.php b/tests/Watchers/GateWatcherTest.php
@@ -2,6 +2,7 @@
 
 namespace Laravel\Telescope\Tests\Watchers;
 
+use Illuminate\Auth\Access\Response;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Illuminate\Support\Facades\Gate;
@@ -43,7 +44,7 @@ public function test_gate_watcher_registers_allowed_entries()
         $this->assertTrue($check);
         $this->assertSame(EntryType::GATE, $entry->type);
         $this->assertSame(__FILE__, $entry->content['file']);
-        $this->assertSame(39, $entry->content['line']);
+        $this->assertSame(40, $entry->content['line']);
         $this->assertSame('potato', $entry->content['ability']);
         $this->assertSame('allowed', $entry->content['result']);
         $this->assertEmpty($entry->content['arguments']);
@@ -58,7 +59,7 @@ public function test_gate_watcher_registers_denied_entries()
         $this->assertFalse($check);
         $this->assertSame(EntryType::GATE, $entry->type);
         $this->assertSame(__FILE__, $entry->content['file']);
-        $this->assertSame(54, $entry->content['line']);
+        $this->assertSame(55, $entry->content['line']);
         $this->assertSame('potato', $entry->content['ability']);
         $this->assertSame('denied', $entry->content['result']);
         $this->assertSame(['banana'], $entry->content['arguments']);
@@ -73,7 +74,7 @@ public function test_gate_watcher_registers_allowed_guest_entries()
         $this->assertTrue($check);
         $this->assertSame(EntryType::GATE, $entry->type);
         $this->assertSame(__FILE__, $entry->content['file']);
-        $this->assertSame(69, $entry->content['line']);
+        $this->assertSame(70, $entry->content['line']);
         $this->assertSame('guest potato', $entry->content['ability']);
         $this->assertSame('allowed', $entry->content['result']);
         $this->assertEmpty($entry->content['arguments']);
@@ -88,7 +89,7 @@ public function test_gate_watcher_registers_denied_guest_entries()
         $this->assertFalse($check);
         $this->assertSame(EntryType::GATE, $entry->type);
         $this->assertSame(__FILE__, $entry->content['file']);
-        $this->assertSame(84, $entry->content['line']);
+        $this->assertSame(85, $entry->content['line']);
         $this->assertSame('deny potato', $entry->content['ability']);
         $this->assertSame('denied', $entry->content['result']);
         $this->assertSame(['gelato'], $entry->content['arguments']);
@@ -104,7 +105,7 @@ public function test_gate_watcher_registers_allowed_policy_entries()
 
         $this->assertSame(EntryType::GATE, $entry->type);
         $this->assertSame(__FILE__, $entry->content['file']);
-        $this->assertSame(185, $entry->content['line']);
+        $this->assertSame(231, $entry->content['line']);
         $this->assertSame('create', $entry->content['ability']);
         $this->assertSame('allowed', $entry->content['result']);
         $this->assertSame([[]], $entry->content['arguments']);
@@ -124,11 +125,51 @@ public function test_gate_watcher_registers_denied_policy_entries()
 
         $this->assertSame(EntryType::GATE, $entry->type);
         $this->assertSame(__FILE__, $entry->content['file']);
-        $this->assertSame(190, $entry->content['line']);
+        $this->assertSame(236, $entry->content['line']);
         $this->assertSame('update', $entry->content['ability']);
         $this->assertSame('denied', $entry->content['result']);
         $this->assertSame([[]], $entry->content['arguments']);
     }
+
+    public function test_gate_watcher_registers_allowed_response_policy_entries()
+    {
+        Gate::policy(TestResource::class, TestPolicy::class);
+
+        try {
+            (new TestController())->view(new TestResource());
+        } catch (\Exception $ex) {
+            // ignore
+        }
+
+        $entry = $this->loadTelescopeEntries()->first();
+
+        $this->assertSame(EntryType::GATE, $entry->type);
+        $this->assertSame(__FILE__, $entry->content['file']);
+        $this->assertSame(226, $entry->content['line']);
+        $this->assertSame('view', $entry->content['ability']);
+        $this->assertSame('allowed', $entry->content['result']);
+        $this->assertSame([[]], $entry->content['arguments']);
+    }
+
+    public function test_gate_watcher_registers_denied_response_policy_entries()
+    {
+        Gate::policy(TestResource::class, TestPolicy::class);
+
+        try {
+            (new TestController())->delete(new TestResource());
+        } catch (\Exception $ex) {
+            // ignore
+        }
+
+        $entry = $this->loadTelescopeEntries()->first();
+
+        $this->assertSame(EntryType::GATE, $entry->type);
+        $this->assertSame(__FILE__, $entry->content['file']);
+        $this->assertSame(241, $entry->content['line']);
+        $this->assertSame('delete', $entry->content['ability']);
+        $this->assertSame('denied', $entry->content['result']);
+        $this->assertSame([[]], $entry->content['arguments']);
+    }
 }
 
 class User implements Authenticatable
@@ -180,6 +221,11 @@ class TestController
 {
     use AuthorizesRequests;
 
+    public function view($object)
+    {
+        $this->authorize($object);
+    }
+
     public function create($object)
     {
         $this->authorize($object);
@@ -189,10 +235,20 @@ public function update($object)
     {
         $this->authorize($object);
     }
+
+    public function delete($object)
+    {
+        $this->authorize($object);
+    }
 }
 
 class TestPolicy
 {
+    public function view(?User $user)
+    {
+        return Response::allow('this action is allowed');
+    }
+
     public function create(?User $user)
     {
         return true;
@@ -202,4 +258,9 @@ public function update(?User $user)
     {
         return false;
     }
+
+    public function delete(?User $user)
+    {
+        return Response::deny('this action is denied');
+    }
 }