Conflict Between Spatie Laravel Permission Package and Laravel Policies

[najeeb-anwari]

Conflict Between Spatie Laravel Permission Package and Laravel Policies

Summary

After installing the Spatie Laravel Permission package, my existing Laravel policy-based authorization is encountering conflicts. Specifically, the Gate::authorize('view', $teamMember) method, which previously worked, now triggers an error indicating that there is no role named view for guard web.

Error Message

"There is no role named view for guard web.",
"exception": "Spatie\Permission\Exceptions\RoleDoesNotExist",
"file": "C:\laragon\www\chat\vendor\spatie\laravel-permission\src\Exceptions\RoleDoesNotExist.php",

Steps to Reproduce

1. Install Spatie Laravel Permission package using Composer.
2. Ensure policies are correctly registered in AuthServiceProvider.
3. Use the Gate::authorize('view', $teamMember) method in a controller.
4. Encounter the error message mentioned above.

Expected Behavior

The Gate::authorize('view', $teamMember) method should utilize Laravel's built-in policies and not attempt to find a Spatie role or permission named view.

Actual Behavior

Instead of using the Laravel policy, the Gate::authorize('view', $teamMember) method is attempting to find a Spatie role or permission named view, resulting in an error.

Relevant Code

AuthServiceProvider:

<?php

namespace App\Providers;

use App\Models\Team;
use App\Models\TeamMember;
use App\Policies\V1\TeamMemberPolicy;
use App\Policies\V1\TeamPolicy;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register any application services.
     */
    public function register(): void
    {
        //
    }

    /**
     * Bootstrap any application services.
     */
    public function boot(): void
    {
        Gate::policy(Team::class, TeamPolicy::class);
        Gate::policy(TeamMember::class, TeamMemberPolicy::class);
    }
}

TeamMemberPolicy:

namespace App\Policies;

use App\Models\TeamMember;
use App\Models\User;

class TeamMemberPolicy
{
    public function view(User $user, TeamMember $teamMember)
    {
        return $user->id === $teamMember->user_id;
    }
}

Controller Method:

public function signIn($teamId)
{
    $teamMember = auth()->user()->teamMemberDetails($teamId)->firstOrFail();
    $team = Team::findOrFail($teamId);

    if (!$teamMember) {
        return response()->json(['message' => 'Member not found'], 404);
    }

    $this->authorize('view', $teamMember);

    $teamMember->signIn();

    return response()->json([
        'message' => 'User is now online in the team',
        'data' => [
            "team" => new TeamResource($team),
        ]
    ], 200);
}

Additional Information

• The policies were functioning correctly before the Spatie Laravel Permission package was installed.
  -This issue only started occurring after the installation of the Spatie package.
• I am not using Spatie permissions for this specific authorization check, and it is critical to continue using Laravel's policy-based authorization for this purpose.
  Any assistance or guidance on how to resolve this conflict would be greatly appreciated. Thank you!

[drbyte]

I'm curious: if you downgrade from the latest version 6 to the latest version 5 ( composer ^5.0), does the policy work okay?
Wondering if #2526, added in https://github.com/spatie/laravel-permission/releases/tag/6.0.0, is interfering.
Granted, yours is the first report of any such conflict since that was added.