Set default to run after policies

JosephSilber · Feb 21, 2022 · 74403e6 · 74403e6
1 parent fcbb176
commit 74403e6
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 9 deletions.
diff --git a/src/Bouncer.php b/src/Bouncer.php
@@ -453,14 +453,14 @@ public function ability(array $attributes = [])
     }
 
     /**
-     * Set Bouncer to run its checks after the policies.
+     * Set Bouncer to run its checks before the policies.
      *
      * @param  bool  $boolean
      * @return $this
      */
-    public function runAfterPolicies($boolean = true)
+    public function runBeforePolicies($boolean = true)
     {
-        $this->guard->slot($boolean ? 'after' : 'before');
+        $this->guard->slot($boolean ? 'before' : 'after');
 
         return $this;
     }

diff --git a/src/Guard.php b/src/Guard.php
@@ -25,7 +25,7 @@ class Guard
      *
      * @var string
      */
-    protected $slot = 'before';
+    protected $slot = 'after';
 
     /**
      * Create a new guard instance.

diff --git a/tests/AfterPoliciesTest.php → tests/BeforePoliciesTest.php b/tests/AfterPoliciesTest.php → tests/BeforePoliciesTest.php
@@ -7,15 +7,15 @@
 use Silber\Bouncer\Database\Role;
 use Silber\Bouncer\Database\Ability;
 
-class AfterPoliciesTest extends BaseTestCase
+class BeforePoliciesTest extends BaseTestCase
 {
     use Concerns\TestsClipboards;
 
     /**
      * @test
      * @dataProvider bouncerProvider
      */
-    function fails_auth_check_when_policy_fails_even_if_bouncer_allows($provider)
+    function policy_forbids_and_bouncer_allows($provider)
     {
         list($bouncer, $user) = $provider();
 
@@ -26,13 +26,17 @@ function fails_auth_check_when_policy_fails_even_if_bouncer_allows($provider)
         $bouncer->allow($user)->to('view', $account);
 
         $this->assertTrue($bouncer->cannot('view', $account));
+
+        $bouncer->runBeforePolicies();
+
+        $this->assertTrue($bouncer->can('view', $account));
     }
 
     /**
      * @test
      * @dataProvider bouncerProvider
      */
-    function passes_auth_check_when_policy_passes_even_if_bouncer_fails($provider)
+    function policy_allows_and_bouncer_forbids($provider)
     {
         list($bouncer, $user) = $provider();
 
@@ -43,6 +47,10 @@ function passes_auth_check_when_policy_passes_even_if_bouncer_fails($provider)
         $bouncer->forbid($user)->to('view', $account);
 
         $this->assertTrue($bouncer->can('view', $account));
+
+        $bouncer->runBeforePolicies();
+
+        $this->assertTrue($bouncer->cannot('view', $account));
     }
 
     /**
@@ -60,6 +68,10 @@ function passes_auth_check_when_bouncer_allows($provider)
         $bouncer->allow($user)->to('view', $account);
 
         $this->assertTrue($bouncer->can('view', $account));
+
+        $bouncer->runBeforePolicies();
+
+        $this->assertTrue($bouncer->can('view', $account));
     }
 
     /**
@@ -75,6 +87,10 @@ function fails_auth_check_when_bouncer_does_not_allow($provider)
         $account = Account::create(['name' => 'ignored by policy']);
 
         $this->assertTrue($bouncer->cannot('view', $account));
+
+        $bouncer->runBeforePolicies();
+
+        $this->assertTrue($bouncer->cannot('view', $account));
     }
 
     /**
@@ -84,8 +100,6 @@ function fails_auth_check_when_bouncer_does_not_allow($provider)
      */
     protected function setUpWithPolicy(Bouncer $bouncer)
     {
-        $bouncer->runAfterPolicies();
-
         $bouncer->gate()->policy(Account::class, AccountPolicyForAfter::class);
     }
 }

diff --git a/tests/ForbidTest.php b/tests/ForbidTest.php
@@ -221,6 +221,8 @@ function forbidding_an_ability_stops_all_further_checks($provider)
 
         $bouncer->forbid($user)->to('sleep');
 
+        $bouncer->runBeforePolicies();
+
         $this->assertTrue($bouncer->cannot('sleep'));
     }
 }