Bugfix: include class in cache key to prevent incorrect cached values (#15)

* added test for policies depending on user class

* bug fix: include the user class in the cache key

---------

Co-authored-by: Lennart Hengstmengel <[email protected]>

Author: vazaha-nl

src/LaravelPolicySoftCache.php

@@ -97,6 +97,6 @@ protected function callPolicyMethod(Model $user, object $policy, string $ability
      */
     protected function getCacheKey(Model $user, object $policy, array $args, string $ability): string
     {
-        return $user->{$user->getKeyName()}.'_'.hash_hmac('sha512', (string) json_encode($args), config('app.key')).'_'.$ability.'_'.$policy::class;
+        return get_class($user).'_'.$user->{$user->getKeyName()}.'_'.hash_hmac('sha512', (string) json_encode($args), config('app.key')).'_'.$ability.'_'.$policy::class;
     }
 }

tests/PolicySoftCacheTest.php

@@ -92,6 +92,20 @@
     expect(true)->toBeTrue();
 });
 
+it('caches correct value if it depends on the user class', function () {
+    $user = new User();
+    $customUser = new CustomUser();
+    $testModel = new TestModel();
+
+    Gate::policy(TestModel::class, PolicyWithDifferingCustomUserLogic::class);
+
+    $userCanView = $user->can('view', $testModel);
+    expect($userCanView)->toBeTrue();
+
+    $customUserCanView = $customUser->can('view', $testModel);
+    expect($customUserCanView)->toBeFalse();
+});
+
 class PolicyWithSoftCache implements SoftCacheable
 {
     public static int $called = 0;
@@ -127,3 +141,19 @@ public function create(User $user, int $value): bool
 class TestModel extends Model
 {
 }
+
+class CustomUser extends User
+{
+}
+
+class PolicyWithDifferingCustomUserLogic implements SoftCacheable
+{
+    public function view(User|CustomUser $user, TestModel $model): bool
+    {
+        if ($user instanceof CustomUser) {
+            return false;
+        }
+
+        return true;
+    }
+}