@@ 7-35 (lines=29) @@ | ||
4 | ||
5 | use Closure; |
|
6 | ||
7 | class PermissionMiddleware |
|
8 | { |
|
9 | /** |
|
10 | * Handle an incoming request. |
|
11 | * |
|
12 | * @param \Illuminate\Http\Request $request |
|
13 | * @param \Closure $next |
|
14 | * @param string $permission |
|
15 | * @return mixed |
|
16 | */ |
|
17 | public function handle($request, Closure $next, $permission) |
|
18 | { |
|
19 | if (! $request->user() || ! $request->user()->can($permission)) { |
|
20 | if ($request->ajax()) { |
|
21 | return response()->json([ |
|
22 | 'error' => [ |
|
23 | 'status_code' => 401, |
|
24 | 'code' => 'INSUFFICIENT_PERMISSIONS', |
|
25 | 'description' => 'You are not authorized to access this resource.', |
|
26 | ], |
|
27 | ], 401); |
|
28 | } |
|
29 | ||
30 | return abort(401, 'You are not authorized to access this resource.'); |
|
31 | } |
|
32 | ||
33 | return $next($request); |
|
34 | } |
|
35 | } |
|
36 |
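Review bot: The combined check at line 19 returns 401 both when there is no authenticated user and when a known user lacks `$permission`, so a client cannot tell "log in" from "you may not do this" and may re-prompt for credentials or retry. 401 should be reserved for the missing-user case and 403 used when `can($permission)` fails; the same applies to the `isRole($role)` check in RoleMiddleware. The `return` in front of `abort()` at line 30 is also dead, since `abort()` throws. A sketch of the split follows, keeping the existing JSON shape.

```php
$user = $request->user();

// 401 only when nobody is authenticated; 403 when the user is known
// but lacks the permission, because re-authenticating will not help.
$status = ! $user ? 401 : (! $user->can($permission) ? 403 : null);

if ($status !== null) {
    if ($request->ajax()) {
        return response()->json([
            'error' => [
                'status_code' => $status,
                // … unchanged: 'code' and 'description' entries …
            ],
        ], $status);
    }

    abort($status, 'You are not authorized to access this resource.');
}

// … unchanged: return $next($request) …
```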
@@ 7-35 (lines=29) @@ | ||
4 | ||
5 | use Closure; |
|
6 | ||
7 | class RoleMiddleware |
|
8 | { |
|
9 | /** |
|
10 | * Handle an incoming request. |
|
11 | * |
|
12 | * @param \Illuminate\Http\Request $request |
|
13 | * @param \Closure $next |
|
14 | * @param string $role |
|
15 | * @return mixed |
|
16 | */ |
|
17 | public function handle($request, Closure $next, $role) |
|
18 | { |
|
19 | if (! $request->user() || ! $request->user()->isRole($role)) { |
|
20 | if ($request->ajax()) { |
|
21 | return response()->json([ |
|
22 | 'error' => [ |
|
23 | 'status_code' => 401, |
|
24 | 'code' => 'INSUFFICIENT_PERMISSIONS', |
|
25 | 'description' => 'You are not authorized to access this resource.', |
|
26 | ], |
|
27 | ], 401); |
|
28 | } |
|
29 | ||
30 | return abort(401, 'You are not authorized to access this resource.'); |
|
31 | } |
|
32 | ||
33 | return $next($request); |
|
34 | } |
|
35 | } |
|
36 |
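Review bot: The denial branch at lines 20-30 is a line-for-line copy of the one in PermissionMiddleware, including the error code `'INSUFFICIENT_PERMISSIONS'`, so a role failure and a permission failure are indistinguishable to API clients and in logs. Moving the response into one shared private helper or trait would keep the two authorization middlewares from drifting apart when the status or body is changed later. If the copy stays, a role-specific code here would help, for example `'code' => 'INSUFFICIENT_ROLE',`. The `@param string $role` docblock could also say whether a single role name is expected, since `isRole()` is defined outside this view.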