|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Spekkionu\ZendAcl; |
|
4
|
|
|
|
|
5
|
|
|
use Closure; |
|
6
|
|
|
use Illuminate\Http\Request; |
|
7
|
|
|
use Illuminate\Contracts\Auth\Guard; |
|
8
|
|
|
use Illuminate\Contracts\Config\Repository as Config; |
|
9
|
|
|
use Laminas\Permissions\Acl\Acl; |
|
10
|
|
|
|
|
11
|
|
|
class AclMiddleware |
|
12
|
|
|
{ |
|
13
|
|
|
|
|
14
|
|
|
/** |
|
15
|
|
|
* The Guard implementation. |
|
16
|
|
|
* |
|
17
|
|
|
* @var Guard |
|
18
|
|
|
*/ |
|
19
|
|
|
protected $auth; |
|
20
|
|
|
|
|
21
|
|
|
/** |
|
22
|
|
|
* The Acl implementation. |
|
23
|
|
|
* |
|
24
|
|
|
* @var Acl |
|
25
|
|
|
*/ |
|
26
|
|
|
protected $acl; |
|
27
|
|
|
|
|
28
|
|
|
/** |
|
29
|
|
|
* The Config implementation. |
|
30
|
|
|
* |
|
31
|
|
|
* @var Config |
|
32
|
|
|
*/ |
|
33
|
|
|
protected $config; |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* Create a new filter instance. |
|
37
|
|
|
* |
|
38
|
|
|
* @param Guard $auth |
|
39
|
|
|
*/ |
|
40
|
7 |
|
public function __construct(Guard $auth, Acl $acl, Config $config) |
|
41
|
|
|
{ |
|
42
|
7 |
|
$this->auth = $auth; |
|
43
|
7 |
|
$this->acl = $acl; |
|
44
|
7 |
|
$this->config = $config; |
|
45
|
7 |
|
} |
|
46
|
|
|
|
|
47
|
|
|
/** |
|
48
|
|
|
* Run the request filter. |
|
49
|
|
|
* |
|
50
|
|
|
* @param \Illuminate\Http\Request $request |
|
51
|
|
|
* @param \Closure $next |
|
52
|
|
|
* @return mixed |
|
53
|
|
|
*/ |
|
54
|
7 |
|
public function handle(Request $request, Closure $next, $resource = null, $permission = null) |
|
55
|
|
|
{ |
|
56
|
7 |
|
if ($this->auth->guest()) { |
|
57
|
5 |
|
if (!$this->acl->isAllowed('guest', $resource, $permission)) { |
|
58
|
5 |
|
return $this->notAllowed($request); |
|
59
|
|
|
} |
|
60
|
2 |
|
} elseif (!$this->acl->isAllowed($this->auth->user(), $resource, $permission)) { |
|
|
|
|
|
|
61
|
1 |
|
return $this->notAllowed($request); |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
2 |
|
return $next($request); |
|
65
|
|
|
} |
|
66
|
|
|
|
|
67
|
|
|
/** |
|
68
|
|
|
* Processes not allowed response |
|
69
|
|
|
* |
|
70
|
|
|
* @param Request $request |
|
71
|
|
|
* |
|
72
|
|
|
* @return \Illuminate\Http\Response |
|
73
|
|
|
*/ |
|
74
|
5 |
|
protected function notAllowed(Request $request) |
|
75
|
|
|
{ |
|
76
|
5 |
|
if ($request->ajax()) { |
|
77
|
1 |
|
return response('Unauthorized.', 401); |
|
78
|
|
|
} else { |
|
79
|
4 |
|
$action = $this->config->get('zendacl.action', 'redirect'); |
|
80
|
4 |
|
if ($action == 'redirect') { |
|
81
|
1 |
|
$url = $this->config->get('zendacl.redirect', 'auth/login'); |
|
82
|
1 |
|
return redirect($url); |
|
83
|
3 |
|
} elseif ($action == 'route') { |
|
84
|
1 |
|
$route = $this->config->get('zendacl.redirect'); |
|
85
|
1 |
|
return redirect()->route($route); |
|
86
|
2 |
|
} elseif ($action == 'view') { |
|
87
|
2 |
|
$view = $this->config->get('zendacl.view', 'zendacl::unauthorized'); |
|
88
|
2 |
|
return view($view); |
|
89
|
|
|
} |
|
90
|
|
|
} |
|
91
|
|
|
|
|
92
|
|
|
} |
|
93
|
|
|
} |
|
94
|
|
|
|
spekkionu /
laravel-zend-acl
This check looks at variables that are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.