mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-10 13:12:50 +01:00
invoiceninja/app/Http/Middleware/PermissionsRequired.php

<?php
namespace App\Http\Middleware;
use App\Http\Controllers\Controller;
use Auth;
use Closure;
use Illuminate\Http\Request;
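/**
 * Class PermissionsRequired.
 *
 * Middleware that checks the current user's permissions before a request
 * reaches its route action. Permissions come from two places:
 *
 *  - the route action array ('permissions', optionally 'permissions_require_all');
 *  - the static registry filled through addPermission(), keyed by controller
 *    class name and then by action (method) name.
 *
 * A route with no 'permissions' entry and no registry entry is passed through
 * without any permission check, so enforcement is opt-in per route/action.
 */
class PermissionsRequired
{
    /**
     * Registered controller permissions: [controller class => [action name => permissions]].
     *
     * @var array
     */
    protected static $actions = [];

    /**
     * Handle an incoming request.
     *
     * Responds with 401 'Unauthorized.' when a permission check applies and
     * either no user is resolved or the user fails the check; otherwise the
     * request is handed to the next middleware.
     *
     * @param Request $request
     * @param Closure $next
     * @param string  $guard
     *
     * @return mixed
     */
    public function handle(Request $request, Closure $next, $guard = 'user')
    {
        // Get the current route and the action array attached to it.
        $route = $request->route();
        $actions = $route->getAction();

        // Route-level permissions, if the route declares any.
        $permissions = ! empty($actions['permissions']) ? $actions['permissions'] : null;

        if ($permissions) {
            // NOTE(review): Laravel's Auth facade normally forwards user() to the
            // default guard, whose user() accepts no argument. If that holds here,
            // $guard is ignored and Auth::guard($guard)->user() would be needed to
            // check the intended guard. Confirm against this project's auth setup.
            $user = Auth::user($guard);

            // Fail closed: without a resolved user there is nothing to authorize,
            // so deny instead of calling hasPermission() on null.
            if (! $user || ! $user->hasPermission($permissions, ! empty($actions['permissions_require_all']))) {
                return response('Unauthorized.', 401);
            }
        }

        // Check controller permissions registered via addPermission().
        // The action name has the form "Controller@method".
        $action = explode('@', $request->route()->getActionName());

        if (isset(static::$actions[$action[0]]) && isset(static::$actions[$action[0]][$action[1]])) {
            $controller_permissions = static::$actions[$action[0]][$action[1]];

            $user = Auth::user($guard);

            // Same fail-closed rule as for route-level permissions.
            if (! $user || ! $user->hasPermission($controller_permissions)) {
                return response('Unauthorized.', 401);
            }
        }

        return $next($request);
    }

    /**
     * Add a controller's action permissions.
     *
     * The array is stored under the controller's class name and replaces any
     * permissions previously registered for that class. handle() looks entries
     * up by action (method) name, so $permissions is expected to be keyed that way.
     *
     * @param Controller $controller
     * @param array      $permissions
     */
    public static function addPermission(Controller $controller, array $permissions)
    {
        static::$actions[get_class($controller)] = $permissions;
    }
}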