CHANGELOG.md

@@ -2,6 +2,20 @@
 
 All notable changes to `laravel-permission` will be documented in this file
 
+## 6.0.1 - 2023-11-06
+
+### What's Changed
+
+- Provide a default team_foreign_key value in case config file isn't upgraded yet or teams feature is unused. Fixes #2535
+- [Docs] Update unsetRelation() example in teams-permissions.md by @shdehnavi in https://github.com/spatie/laravel-permission/pull/2534
+- [Docs] Update link in direct-permissions.md by @sevannerse in https://github.com/spatie/laravel-permission/pull/2539
+
+### New Contributors
+
+- @sevannerse made their first contribution in https://github.com/spatie/laravel-permission/pull/2539
+
+**Full Changelog**: https://github.com/spatie/laravel-permission/compare/6.0.0...6.0.1
+
 ## 6.0.0 - 2023-10-25
 
 ### What's Changed
@@ -698,6 +712,7 @@ The following changes are not "breaking", but worth making the updates to your a
 
 
 
+
 ```
 1. Also this is a good time to point out that now with v2.25.0 and v2.26.0 most permission-cache-reset scenarios may no longer be needed in your app, so it's worth reviewing those cases, as you may gain some app speed improvement by removing unnecessary cache resets.
 
@@ -757,6 +772,7 @@ The following changes are not "breaking", but worth making the updates to your a
 
 
 
+
 ```
 ## 2.19.1 - 2018-09-14
 

config/permission.php

@@ -104,9 +104,8 @@
     'register_permission_check_method' => true,
 
     /*
-     * When set to true, the Spatie\Permission\Listeners\OctaneReloadPermissions listener will be registered
-     * on the Laravel\Octane\Events\OperationTerminated event, this will refresh permissions on every
-     * TickTerminated, TaskTerminated and RequestTerminated
+     * When set to true, Laravel\Octane\Events\OperationTerminated event listener will be registered
+     * this will refresh permissions on every TickTerminated, TaskTerminated and RequestTerminated
      * NOTE: This should not be needed in most cases, but an Octane/Vapor combination benefited from it.
      */
     'register_octane_reset_listener' => false,

docs/basic-usage/direct-permissions.md

@@ -7,7 +7,7 @@ weight: 2
 
 It's better to assign permissions to Roles, and then assign Roles to Users.
 
-See the [Roles vs Permissions](./../best-practices/roles-vs-permissions.md) section of the docs for a deeper explanation.
+See the [Roles vs Permissions](../best-practices/roles-vs-permissions) section of the docs for a deeper explanation.
 
 HOWEVER, If you have reason to directly assign individual permissions to specific users (instead of to roles assigned to those users), you can do that as described below:
 

docs/upgrading.md

@@ -32,25 +32,27 @@ There are a few breaking-changes when upgrading to v6, but most of them won't af
 
 For guidance with upgrading your extended models, your migrations, your routes, etc, see the **Upgrade Essentials** section at the top of this file.
 
-1. If you have overridden the `getPermissionClass()` or `getRoleClass()` methods or have custom Models, you will need to revisit those customizations. See PR #2368 for details. 
+1. Due to the improved ULID/UUID/GUID support, any package methods which accept a Permission or Role `id` must pass that `id` as an `integer`. If you pass it as a numeric string, the functions will attempt to lookup the role/permission as a string. In such cases you may see errors such as `There is no permission named '123' for guard 'web'.` (where `'123'` is being treated as a string because it was passed as a string instead of as an integer). This also applies to arrays of id's: if it's an array of strings we will do a lookup on the name instead of on the id. **This will mostly only affect UI pages** because an HTML Request is received as string data. **The solution is simple:** if you're passing integers to a form field, then convert them back to integers when using that field's data for calling functions to grant/assign/sync/remove/revoke permissions and roles. One way to convert an array of permissions `id`'s from strings to integers is: `collect($validated['permission'])->map(fn($val)=>(int)$val)`
+
+2. If you have overridden the `getPermissionClass()` or `getRoleClass()` methods or have custom Models, you will need to revisit those customizations. See PR #2368 for details. 
 eg: if you have a custom model you will need to make changes, including accessing the model using `$this->permissionClass::` syntax (eg: using `::` instead of `->`) in all the overridden methods that make use of the models.
 
     Be sure to compare your custom models with originals to see what else may have changed.
 
-2. Model and Contract/Interface updates. The Role and Permission Models and Contracts/Interfaces have been updated with syntax changes to method signatures. Update any models you have extended, or contracts implemented, accordingly. See PR #2380 and #2480 for some of the specifics. 
+3. Model and Contract/Interface updates. The Role and Permission Models and Contracts/Interfaces have been updated with syntax changes to method signatures. Update any models you have extended, or contracts implemented, accordingly. See PR #2380 and #2480 for some of the specifics. 
 
-3. Migrations WILL need to be upgraded. (They have been updated to anonymous-class syntax that was introduced in Laravel 8, AND some structural coding changes in the registrar class changed the way we extracted configuration settings in the migration files.) There are no changes to the package's structure since v5, so if you had not customized it from the original then replacing the contents of the file should be enough. (Usually the only customization is if you've switched to UUIDs or customized MySQL index name lengths.)
+4. Migrations WILL need to be upgraded. (They have been updated to anonymous-class syntax that was introduced in Laravel 8, AND some structural coding changes in the registrar class changed the way we extracted configuration settings in the migration files.) There are no changes to the package's structure since v5, so if you had not customized it from the original then replacing the contents of the file should be enough. (Usually the only customization is if you've switched to UUIDs or customized MySQL index name lengths.)
 **If you get the following error, it means your migration file needs upgrading: `Error: Access to undeclared static property Spatie\Permission\PermissionRegistrar::$pivotPermission`**
 
-4. MIDDLEWARE:
+5. MIDDLEWARE:
 
     1. The `\Spatie\Permission\Middlewares\` namespace has been renamed to `\Spatie\Permission\Middleware\` (singular). Update any references to them in your `/app/Http/Kernel.php` and any routes (or imported classes in your routes files) that have the fully qualified namespace.
 
     2. NOTE: For consistency with `PermissionMiddleware`, the `RoleOrPermissionMiddleware` has switched from only checking permissions provided by this package to using `canAny()` to check against any abilities registered by your application. This may have the effect of granting those other abilities (such as Super Admin) when using the `RoleOrPermissionMiddleware`, which previously would have failed silently.
 
     3. In the unlikely event that you have customized the Wildcard Permissions feature by extending the `WildcardPermission` model, please note that the public interface has changed significantly and you will need to update your extended model with the new method signatures.
 
-5. Test suites. If you have tests which manually clear the permission cache and re-register permissions, you no longer need to call `\Spatie\Permission\PermissionRegistrar::class)->registerPermissions();`. In fact, **calls to `->registerPermissions()` MUST be deleted from your tests**. 
+6. Test suites. If you have tests which manually clear the permission cache and re-register permissions, you no longer need to call `\Spatie\Permission\PermissionRegistrar::class)->registerPermissions();`. In fact, **calls to `->registerPermissions()` MUST be deleted from your tests**. 
 
     (Calling `app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();` after creating roles and permissions in migrations and factories and seeders is still okay and encouraged.) 
 

src/PermissionRegistrar.php

@@ -98,7 +98,7 @@ protected function getCacheStoreFromConfig(): Repository
     /**
      * Set the team id for teams/groups support, this id is used when querying permissions/roles
      *
-     * @param  int|string|\Illuminate\Database\Eloquent\Model  $id
+     * @param  int|string|\Illuminate\Database\Eloquent\Model|null  $id
      */
     public function setPermissionsTeamId($id): void
     {

src/PermissionServiceProvider.php

@@ -13,7 +13,6 @@
 use Illuminate\View\Compilers\BladeCompiler;
 use Spatie\Permission\Contracts\Permission as PermissionContract;
 use Spatie\Permission\Contracts\Role as RoleContract;
-use Spatie\Permission\Listeners\OctaneReloadPermissions;
 
 class PermissionServiceProvider extends ServiceProvider
 {
@@ -91,17 +90,25 @@ protected function registerCommands(): void
 
     protected function registerOctaneListener(): void
     {
-        if ($this->app->runningInConsole() || ! $this->app['config']->get('permission.register_octane_reset_listener')) {
+        if ($this->app->runningInConsole() || ! $this->app['config']->get('octane.listeners')) {
             return;
         }
 
-        if (! $this->app['config']->get('octane.listeners')) {
+        $dispatcher = $this->app[Dispatcher::class];
+        // @phpstan-ignore-next-line
+        $dispatcher->listen(function (\Laravel\Octane\Events\OperationTerminated $event) {
+            // @phpstan-ignore-next-line
+            $event->sandbox->make(PermissionRegistrar::class)->setPermissionsTeamId(null);
+        });
+
+        if (! $this->app['config']->get('permission.register_octane_reset_listener')) {
             return;
         }
-
-        $dispatcher = $this->app[Dispatcher::class];
         // @phpstan-ignore-next-line
-        $dispatcher->listen(\Laravel\Octane\Events\OperationTerminated::class, OctaneReloadPermissions::class);
+        $dispatcher->listen(function (\Laravel\Octane\Events\OperationTerminated $event) {
+            // @phpstan-ignore-next-line
+            $event->sandbox->make(PermissionRegistrar::class)->clearPermissionsCollection();
+        });
     }
 
     protected function registerModelBindings(): void