I've made a role middleware to check if user has a specific Role:
namespace App\Http\Middleware;
use Closure;
class CheckRole
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($request->user() === null) {
return response("Insufficient permissions", 401);
}
$actions = $request->route()->getAction();
$roles = isset($actions['roles']) ? $actions['roles'] : null;
if ($request->user()->hasAnyRole($roles) || !$roles) {
return $next($request);
}
return response("Insufficient permissions", 401);
}
}
If I want to check for some role in a specific role it's easy. I only have to add the middleware and an additional action called roles. E. g.:
Route::get('payments/{id}/pay', [
'uses' => 'PaymentController@aprove',
'as' => 'payments.aprove',
'middleware' => 'roles',
'roles' => [User::ADMINISTRATOR, User::SPOT_MANAGER, User::SELECTION_PROCESS_MANAGER],
]);
Doing this way works as expected. However, I have some routes that are Route::resource instead of get, post, or something like this. Laravel don't allow for specifying roles => [...] in resource.
The documentation says that if I want to inject middleware on resources I should do this on controller. But I can't specify roles => [...] as I used to do in normal routes anywhere! How could I do this?
Thanks in advance.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire