Fix issue with 'has_role' access condition

app/src/Authorize/AccessConditions.php

@@ -18,6 +18,7 @@
 use UserFrosting\Sprinkle\Account\Database\Models\Interfaces\GroupInterface;
 use UserFrosting\Sprinkle\Account\Database\Models\Interfaces\RoleInterface;
 use UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface;
+use UserFrosting\Sprinkle\Account\Database\Models\RoleUsers;
 use UserFrosting\Sprinkle\Account\Database\Models\User;
 
 /**
@@ -94,16 +95,14 @@ public function equals_num(mixed $val1, mixed $val2): bool
      */
     public function has_role(int|UserInterface $user, int|RoleInterface $role): bool
     {
-        /** @var User|null */
-        $user = ($user instanceof UserInterface) ? $user : $this->user::find($user);
+        $user_id = ($user instanceof UserInterface) ? $user->id : $user;
         $role_id = ($role instanceof RoleInterface) ? $role->id : $role;
 
-        // No user found, no role.
-        if ($user === null) {
-            return false;
-        }
+        $count = RoleUsers::where('user_id', $user_id)
+                          ->where('role_id', $role_id)
+                          ->count();
 
-        return $user->whereRelation('roles', 'id', $role_id)->count() > 0;
+        return $count > 0;
     }
 
     /**

app/src/Database/Models/RoleUsers.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * UserFrosting Account Sprinkle (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/sprinkle-account
+ * @copyright Copyright (c) 2022 Alexander Weissman & Louis Charette
+ * @license   https://github.com/userfrosting/sprinkle-account/blob/master/LICENSE.md (MIT License)
+ */
+
+namespace UserFrosting\Sprinkle\Account\Database\Models;
+
+use Illuminate\Database\Eloquent\Relations\Pivot;
+use UserFrosting\Sprinkle\Core\Database\Models\Model;
+
+/**
+ * Represents a the User-Role many-to-many relationship intermediate table.
+ *
+ * @mixin \Illuminate\Database\Eloquent\Builder
+ */
+class RoleUsers extends Pivot
+{
+    /**
+     * @var string The name of the table for the current model.
+     */
+    protected $table = 'role_users';
+}

app/src/Database/Models/User.php

@@ -463,7 +463,9 @@ public function roles(): BelongsToMany
         /** @var string */
         $relation = static::$ci?->get(RoleInterface::class);
 
-        return $this->belongsToMany($relation, 'role_users')->withTimestamps();
+        return $this->belongsToMany($relation, 'role_users')
+                    ->using(RoleUsers::class)
+                    ->withTimestamps();
     }
 
     /**

app/tests/Authorize/AccessConditionsTest.php

@@ -100,18 +100,28 @@ public function testHasRole(): void
         $this->refreshDatabase();
 
         /** @var Role */
-        $role = Role::factory()->create();
+        $role1 = Role::factory()->create();
+
+        /** @var Role */
+        $role2 = Role::factory()->create();
+
+        /** @var User */
+        $user1 = User::factory()->create();
 
         /** @var User */
-        $user = User::factory()->create();
+        $user2 = User::factory()->create();
 
         // Set relationships
-        $user->roles()->attach($role);
+        $user1->roles()->attach($role1);
+        $user2->roles()->attach($role1);
+        $user2->roles()->attach($role2);
 
         $callbacks = new AccessConditions($this->config);
-        $this->assertTrue($callbacks->has_role($user, $role));
-        $this->assertTrue($callbacks->has_role($user->id, $role->id));
-        $this->assertFalse($callbacks->has_role($user->id, $role->id + 1));
+        $this->assertTrue($callbacks->has_role($user1, $role1));
+        $this->assertTrue($callbacks->has_role($user1->id, $role1->id));
+        $this->assertTrue($callbacks->has_role($user2->id, $role1->id));
+        $this->assertTrue($callbacks->has_role($user2->id, $role2->id));
+        $this->assertFalse($callbacks->has_role($user1->id, $role2->id));
     }
 
     public function testHasRoleForUnknownUser(): void