In Laravel 5.8 app using tymon/jwt-auth 1.0.0 I have users_groups table and I need for logged user for some controller to make check if inside of some group. For this in routes/api.php I have :
Route::group(['middleware' => 'jwt.auth', 'prefix' => 'manager', 'as' => 'manager.'], function ($router) {
Route::get('users_of_event_selection/{event_id}', 'API\ManagerController@users_of_event_selection');
Route::post('add_user_to_event', 'API\ManagerController@add_user_to_event');
...
I app/Http/Controllers/API/ManagerController.php I added checks:
public function __construct()
{
$this->middleware('jwt.auth', ['except' => []]);
$request = request();
$this->requestData = $request->all();
$loggedUser= Auth::guard('api')->user();
$userGroupsCount = UsersGroups
::getByUserId($loggedUser->id)
->getByGroupId([ACCESS_ROLE_ADMIN,ACCESS_ROLE_MANAGER])
->count();
if($userGroupsCount == 0) {
return response()->json(['error' => 'Unauthorized'], 401);
}
}
But the code above does not work as I expected and my control's method returns valid data. I suppose I can make small function and to call it in top on any control's method, but if that ig good way? If jwt-auth has any way to extend additive checks ?
Thanks!
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire