Permissions: Updated guest user handling so additional roles apply

Previously additional roles would only partially apply (system or "all" permissions). This aligns the query-handling of permissions so that additional roles will be used for permission queries. Adds migration to detach existing roles as a safety precaution since this is likely to widen permissions in scenarios that the public user has other roles assigned already. For #1229
2025-08-09 10:22:51 +03:00 · 2023-06-10 11:37:01 +01:00
parent 1e220c473f
commit 777027bc48
3 changed files with 60 additions and 4 deletions
--- a/app/Permissions/PermissionApplicator.php
+++ b/app/Permissions/PermissionApplicator.php
@@ -183,10 +183,6 @@ class PermissionApplicator
     */
    protected function getCurrentUserRoleIds(): array
    {
-        if (auth()->guest()) {
-            return [Role::getSystemRole('public')->id];
-        }
-
        return $this->currentUser()->roles->pluck('id')->values()->all();
    }