When using the dev version, I noticed that a newly created admin user wasn't able to access the admin page.
Which was odd, because they were definitely an admin in the database.
$ docker exec -ti linguacafe-database-dev mysql -ulinguacafe-dev -p
mysql> use linguacafe-dev; select id, is_admin from users;
Database changed
+----+----------+
| id | is_admin |
+----+----------+
| 1 | 1 |
+----+----------+
1 row in set (0.00 sec)
Yet in the web interface there was no link to the admin page, and when browsing to /admin a message indicating missing permissions was displayed. Checking the console, the user was not detected as an admin.
user data loaded
Object { language: "spanish", userCount: 1, userName: "test", userEmail: "test@test.com", isAdmin: false, theme: "dark", themeSettings: [], userUuid: "90bddb44-83b5-4163-9644-ad57e91f040c", user: {…} }
I think this is because of this line in UserController.php:
$isAdmin = Auth::user()->is_admin === 1;
This assumes is_admin is always an integer. Depending on how the value is returned (e.g. "1" as a string from the DB), this strict comparison can incorrectly return false. If we use a bool instead, the user is correctly identified as an admin.
$isAdmin = (bool) Auth::user()->is_admin;
When using the dev version, I noticed that a newly created admin user wasn't able to access the admin page.
Which was odd, because they were definitely an admin in the database.
Yet in the web interface there was no link to the admin page, and when browsing to
/admina message indicating missing permissions was displayed. Checking the console, the user was not detected as an admin.I think this is because of this line in
UserController.php:This assumes is_admin is always an integer. Depending on how the value is returned (e.g. "1" as a string from the DB), this strict comparison can incorrectly return false. If we use a bool instead, the user is correctly identified as an admin.