mercredi 29 novembre 2017

Inject Route Action on Controller

I've made a role middleware to check if user has a specific Role:

namespace App\Http\Middleware;

use Closure;

class CheckRole
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($request->user() === null) {
            return response("Insufficient permissions", 401);
        }
        $actions = $request->route()->getAction();
        $roles = isset($actions['roles']) ? $actions['roles'] : null;
        if ($request->user()->hasAnyRole($roles) || !$roles) {
            return $next($request);
        }
        return response("Insufficient permissions", 401);
    }
}

If I want to check for some role in a specific role it's easy. I only have to add the middleware and an additional action called roles. E. g.:

Route::get('payments/{id}/pay', [
    'uses' => 'PaymentController@aprove',
    'as' => 'payments.aprove',
    'middleware' => 'roles',
    'roles' => [User::ADMINISTRATOR, User::SPOT_MANAGER, User::SELECTION_PROCESS_MANAGER],
]);

Doing this way works as expected. However, I have some routes that are Route::resource instead of get, post, or something like this. Laravel don't allow for specifying roles => [...] in resource.

The documentation says that if I want to inject middleware on resources I should do this on controller. But I can't specify roles => [...] as I used to do in normal routes anywhere! How could I do this?

Thanks in advance.



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire