[Lumen] Call to undefined method App\Models\User::canAny() about laravel-permission HOT 6 CLOSED

The canAny() method comes from the Illuminate\Foundation\Auth\Access\Authorizable trait provided by Laravel.

The Permission middleware uses it so that its results are the same as if you had called canAny() directly.

Aside: You don't need to include the HasPermissions trait when you're already including the HasRoles trait, because HasRoles includes HasPermissions automatically.

from laravel-permission.

class User extends Model implements AuthenticatableContract, AuthorizableContract, JWTSubject

You didn't post your complete User model.
Specifically: you didn't post the code that shows what namespace it is declared in, to be sure it matches the error message and therefore isn't hitting some other part of your code.
You also didn't post the imported use classes that show what the AuthorizableContract is an alias of.

from laravel-permission.

class User extends Model implements AuthenticatableContract, AuthorizableContract, JWTSubject

You didn't post your complete User model. Specifically: you didn't post the code that shows what namespace it is declared in, to be sure it matches the error message and therefore isn't hitting some other part of your code. You also didn't post the imported use classes that show what the AuthorizableContract is an alias of.

The code for the User model is as follows:

<?php

namespace App\Models;

use Illuminate\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Laravel\Lumen\Auth\Authorizable;
use Spatie\Permission\Traits\HasRoles;
use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Model implements AuthenticatableContract, AuthorizableContract, JWTSubject
{
    use Authenticatable, Authorizable, HasFactory, HasRoles;

    /**
     * The attributes that are mass assignable.
     *
     * @var string[]
     */
    protected $fillable = [
        'name',
        'username',
        'password',
    ];

    /**
     * The attributes excluded from the model's JSON form.
     *
     * @var string[]
     */
    protected $hidden = [
        'password',
    ];


    /**
     * Get the identifier that will be stored in the subject claim of the JWT.
     *
     * @return mixed
     */
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    /**
     * Return a key value array, containing any custom claims to be added to the JWT.
     *
     * @return array
     */
    public function getJWTCustomClaims()
    {
        return [];
    }
}

Note that in the above model, I have attempted to remove the HasPermissions trait, but the result remains the same (error: Call to undefined method App\Models\User::canAny()).

from laravel-permission.

your code:
use Illuminate\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Laravel\Lumen\Auth\Authorizable;
use Spatie\Permission\Traits\HasRoles;
use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Model implements AuthenticatableContract, AuthorizableContract, JWTSubject
{
use Authenticatable, Authorizable, HasFactory, HasRoles;

Note that because of your imports at the top of the class, your use Authenticatable, Authorizable, HasFactory, HasRoles; line is using the Laravel\Lumen\Auth\Authorizable trait instead of Laravel's Illuminate\Foundation\Auth\Access\Authorizable.
Lumen doesn't implement canAny(), which is why your canAny() error is appearing.

You will either need to use Laravel's Authorizable trait, or re-implement the missing methods in your User model.

The docs have been updated to include a note about this.

from laravel-permission.

your code:
use Illuminate\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Laravel\Lumen\Auth\Authorizable;
use Spatie\Permission\Traits\HasRoles;
use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Model implements AuthenticatableContract, AuthorizableContract, JWTSubject { use Authenticatable, Authorizable, HasFactory, HasRoles;

Note that because of your imports at the top of the class, your use Authenticatable, Authorizable, HasFactory, HasRoles; line is using the Laravel\Lumen\Auth\Authorizable trait instead of Laravel's Illuminate\Foundation\Auth\Access\Authorizable. Lumen doesn't implement canAny(), which is why your canAny() error is appearing.

You will either need to use Laravel's Authorizable trait, or re-implement the missing methods in your User model.

The docs have been updated to include a note about this.

I attempted to implement some missing methods from Illuminate\Foundation\Auth\Access\Authorizable, but it resulted in another issue, such as:

"Spatie\Permission\PermissionServiceProvider::Spatie\Permission{closure}(): Argument #2 ($app) must be of type Illuminate\Contracts\Foundation\Application, Laravel\Lumen\Application given, called in C:\laragon\www\api-blog\vendor\illuminate\container\Container.php on line 1302"

As an alternative, I tried creating or copying a new middleware from Spatie\Permission\Middleware\PermissionMiddleware::class with code modifications:

class PermissionMiddleware
{
    public function handle($request, Closure $next, $permission, $guard = null)
    {
        //.. other code parts

        if (!$user->canAny($permissions)) {
            throw UnauthorizedException::forPermissions($permissions);
        }

        return $next($request);
    }

   //.. other code parts
}

Changed to:

class PermissionMiddleware
{
    public function handle($request, Closure $next, $permission, $guard = null)
    {
        //.. other code parts

        if (!$user->hasAnyPermission($permissions)) {
            throw UnauthorizedException::forPermissions($permissions);
        }

        return $next($request);
    }

    //.. other code parts
}

The above code works well and meets my expectations for the time being.

from laravel-permission.

Yes, that was going to be my next suggestion: clone the middleware from this package and replace canAny with hasAnyPermission.
Seems like the best solution.

from laravel-permission.