feat: Support hierarchical permissions in method

bgeneto · bgeneto · commit 07cd5a7972cf · 2025-02-19T11:43:04.000-03:00
diff --git a/src/Authorization/Traits/Authorizable.php b/src/Authorization/Traits/Authorizable.php
@@ -280,8 +280,14 @@ public function can(string ...$permissions): bool
                 }
 
                 // Check wildcard match
-                $check = substr($permission, 0, strpos($permission, '.')) . '.*';
-                if (isset($matrix[$group]) && in_array($check, $matrix[$group], true)) {
+                $checks = [];
+                $parts  = explode('.', $permission);
+
+                for ($i = count($parts); $i > 0; $i--) {
+                    $check    = implode('.', array_slice($parts, 0, $i)) . '.*';
+                    $checks[] = $check;
+                }
+                if (isset($matrix[$group]) && array_intersect($checks, $matrix[$group]) !== []) {
                     return true;
                 }
             }
diff --git a/src/Entities/Group.php b/src/Entities/Group.php
@@ -85,9 +85,17 @@ public function can(string $permission): bool
         }
 
         // Check wildcard match
-        $check = substr($permission, 0, strpos($permission, '.')) . '.*';
+        $checks = [];
+        $parts  = explode('.', $permission);
 
-        return $this->permissions !== null && $this->permissions !== [] && in_array($check, $this->permissions, true);
+        for ($i = count($parts); $i > 0; $i--) {
+            $check    = implode('.', array_slice($parts, 0, $i)) . '.*';
+            $checks[] = $check;
+        }
+
+        return $this->permissions !== null
+            && $this->permissions !== []
+            && array_intersect($checks, $this->permissions) !== [];
     }
 
     /**
diff --git a/tests/Authorization/GroupTest.php b/tests/Authorization/GroupTest.php
@@ -87,4 +87,26 @@ public function testCan(): void
         $this->assertTrue($group2->can('users.edit'));
         $this->assertFalse($group2->can('foo.bar'));
     }
+
+    public function testCanNestedPerms(): void
+    {
+        $group = $this->groups->info('user');
+        $group->addPermission('foo.bar.*');
+        $group->addPermission('foo.biz.buz.*');
+        $this->assertTrue($group->can('foo.bar'));
+        $this->assertTrue($group->can('foo.bar.*'));
+        $this->assertTrue($group->can('foo.bar.baz'));
+        $this->assertTrue($group->can('foo.bar.buz'));
+        $this->assertTrue($group->can('foo.bar.buz.biz'));
+        $this->assertTrue($group->can('foo.biz.buz'));
+        $this->assertTrue($group->can('foo.biz.buz.*'));
+        $this->assertTrue($group->can('foo.biz.buz.bar'));
+        $this->assertFalse($group->can('foo'));
+        $this->assertFalse($group->can('foo.*'));
+        $this->assertFalse($group->can('foo.biz'));
+        $this->assertFalse($group->can('foo.buz'));
+        $this->assertFalse($group->can('foo.biz.*'));
+        $this->assertFalse($group->can('foo.biz.bar'));
+        $this->assertFalse($group->can('foo.biz.bar.buz'));
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -280,8 +280,14 @@ public function can(string ...$permissions): bool`
`280`	`280`	`}`
`281`	`281`
`282`	`282`	`// Check wildcard match`
`283`		`- $check = substr($permission, 0, strpos($permission, '.')) . '.*';`
`284`		`- if (isset($matrix[$group]) && in_array($check, $matrix[$group], true)) {`
	`283`	`+ $checks = [];`
	`284`	`+ $parts = explode('.', $permission);`
	`285`	`+`
	`286`	`+ for ($i = count($parts); $i > 0; $i--) {`
	`287`	`+ $check = implode('.', array_slice($parts, 0, $i)) . '.*';`
	`288`	`+ $checks[] = $check;`
	`289`	`+ }`
	`290`	`+ if (isset($matrix[$group]) && array_intersect($checks, $matrix[$group]) !== []) {`
`285`	`291`	`return true;`
`286`	`292`	`}`
`287`	`293`	`}`