diff --git a/src/Authorization/Traits/Authorizable.php b/src/Authorization/Traits/Authorizable.php index 6d3b98e7f..9e3f32ff1 100644 --- a/src/Authorization/Traits/Authorizable.php +++ b/src/Authorization/Traits/Authorizable.php @@ -6,6 +6,7 @@ use CodeIgniter\I18n\Time; use CodeIgniter\Shield\Authorization\AuthorizationException; +use CodeIgniter\Shield\Exceptions\LogicException; use CodeIgniter\Shield\Models\GroupModel; use CodeIgniter\Shield\Models\PermissionModel; @@ -226,9 +227,18 @@ public function hasPermission(string $permission): bool /** * Checks user permissions and their group permissions * to see if the user has a specific permission. + * + * @param string $permission string consisting of a scope and action, like `users.create` */ public function can(string $permission): bool { + if (strpos($permission, '.') === false) { + throw new LogicException( + 'A permission must be a string consisting of a scope and action, like `users.create`.' + . ' Invalid permission: ' . $permission + ); + } + $this->populatePermissions(); $permission = strtolower($permission); diff --git a/tests/Authorization/AuthorizableTest.php b/tests/Authorization/AuthorizableTest.php index 0068da21a..b1e42e051 100644 --- a/tests/Authorization/AuthorizableTest.php +++ b/tests/Authorization/AuthorizableTest.php @@ -6,6 +6,7 @@ use CodeIgniter\I18n\Time; use CodeIgniter\Shield\Authorization\AuthorizationException; +use CodeIgniter\Shield\Exceptions\LogicException; use CodeIgniter\Shield\Models\UserModel; use CodeIgniter\Test\DatabaseTestTrait; use Locale; @@ -299,6 +300,16 @@ public function testCanCascadesToGroupsWithWildcards(): void $this->assertTrue($this->user->can('admin.access')); } + public function testCanGetsInvalidPermission(): void + { + $this->expectException(LogicException::class); + $this->expectExceptionMessage('Invalid permission: developer'); + + $this->user->addGroup('superadmin'); + + $this->assertTrue($this->user->can('developer')); + } + /** * @see https://github.com/codeigniter4/shield/pull/238 */