Merge pull request #510 from kenjis/fix-permission-type-error

fix: TypeError when checking invalid permission

Author: kenjis

src/Authorization/Traits/Authorizable.php

@@ -6,6 +6,7 @@
 
 use CodeIgniter\I18n\Time;
 use CodeIgniter\Shield\Authorization\AuthorizationException;
+use CodeIgniter\Shield\Exceptions\LogicException;
 use CodeIgniter\Shield\Models\GroupModel;
 use CodeIgniter\Shield\Models\PermissionModel;
 
@@ -226,9 +227,18 @@ public function hasPermission(string $permission): bool
     /**
      * Checks user permissions and their group permissions
      * to see if the user has a specific permission.
+     *
+     * @param string $permission string consisting of a scope and action, like `users.create`
      */
     public function can(string $permission): bool
     {
+        if (strpos($permission, '.') === false) {
+            throw new LogicException(
+                'A permission must be a string consisting of a scope and action, like `users.create`.'
+                . ' Invalid permission: ' . $permission
+            );
+        }
+
         $this->populatePermissions();
 
         $permission = strtolower($permission);

tests/Authorization/AuthorizableTest.php

@@ -6,6 +6,7 @@
 
 use CodeIgniter\I18n\Time;
 use CodeIgniter\Shield\Authorization\AuthorizationException;
+use CodeIgniter\Shield\Exceptions\LogicException;
 use CodeIgniter\Shield\Models\UserModel;
 use CodeIgniter\Test\DatabaseTestTrait;
 use Locale;
@@ -299,6 +300,16 @@ public function testCanCascadesToGroupsWithWildcards(): void
         $this->assertTrue($this->user->can('admin.access'));
     }
 
+    public function testCanGetsInvalidPermission(): void
+    {
+        $this->expectException(LogicException::class);
+        $this->expectExceptionMessage('Invalid permission: developer');
+
+        $this->user->addGroup('superadmin');
+
+        $this->assertTrue($this->user->can('developer'));
+    }
+
     /**
      * @see https://github.com/codeigniter4/shield/pull/238
      */