/**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure $next
  * @return mixed
  */
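 public function handle($request, Closure $next)
 {
     // Authorization gate for admin routes. Unauthenticated requests are
     // rejected first: 401 for AJAX, otherwise a redirect to the login page.
     if (!\Sentinel::check()) {
         if ($request->ajax()) {
             return response('Unauthorized.', 401);
         }
         return redirect()->guest(route('admin.login'));
     }

     $route = $request->route();
     $route_name = $route->getName();
     $route_parameters = $route->parameters();

     // An authenticated user may always log out, whatever permissions they hold.
     if ($route_name === "admin.logout") {
         return $next($request);
     }

     if (count($route_parameters) === 0) {
         // Dashboard or some custom page
         $is_panel_route = $route_name === "admin.dashboard"
             || starts_with($route_name, "admin.upload.")
             || starts_with($route_name, "elfinder.");
         if ($is_panel_route) {
             if (\Sentinel::hasAnyAccess(['superadmin', 'controlpanel'])) {
                 return $next($request);
             }
             // An account without control-panel access has no business in the
             // admin area: end its session and send it back to the login page.
             \Sentinel::logout(null, true);
             return redirect()->guest(route('admin.login'));
         }
         // Any other parameterless route falls through to the denial below.
     } elseif (isset($route_parameters['adminModel'])) {
         // Dynamic permissions: the third segment of the route name is the
         // action; "update" and "store" are checked as "edit" and "create",
         // and a route name without a third segment is checked as "view".
         $route_alias = explode(".", $route_name);
         $action = isset($route_alias[2]) ? $route_alias[2] : 'view';
         if ($action === 'update') {
             $action = 'edit';
         } elseif ($action === 'store') {
             $action = 'create';
         }

         $admin_model = $route_parameters['adminModel'];
         $custom_permission = $admin_model->permission();

         // hasAnyAccess() passes when ANY listed permission is held, so the
         // model's own comma-separated permissions are alternatives to the
         // per-action permission, not additional requirements.
         $model_permissions = is_null($custom_permission) ? [] : explode(",", $custom_permission);
         $model_permissions[] = "admin." . $admin_model->alias() . "." . $action;
         $model_permissions[] = "superadmin";

         if (\Sentinel::hasAnyAccess($model_permissions)) {
             return $next($request);
         }
     }
     // Fail closed. A parameterised route without a bound 'adminModel' also
     // ends here instead of raising an error on the missing key.
     // NOTE(review): AJAX callers receive this redirect rather than a 403 -
     // confirm that is intended.
     return redirect()->route('admin.dashboard')->withErrors('Permission denied.');
 }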
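 public function postLogin()
 {
     // Validate only the fields named in the configured login rules.
     $rules = config('admin.auth.rules');
     $data = \Input::only(array_keys($rules));

     // trans() returned the key itself here when no custom validation
     // messages exist; fall back to the validator's defaults in that case.
     $lang = trans('admin::validation');
     if ($lang === 'admin::validation') {
         $lang = [];
     }

     $validator = \Validator::make($data, $rules, $lang);
     if ($validator->fails()) {
         // Never flash the submitted password into the session: old input is
         // stored server-side and rendered back into the form.
         return \Redirect::back()->withInput(\Input::except('password'))->withErrors($validator);
     }

     // NOTE(review): if Sentinel checkpoints (throttling, activation) are
     // enabled, authenticate() may throw - confirm that is handled upstream.
     if (\Sentinel::authenticate($data)) {
         // Valid credentials are not enough: the account must also hold an
         // admin-level permission, otherwise the new session is ended at once.
         if (\Sentinel::hasAnyAccess(['superadmin', 'controlpanel'])) {
             return \Redirect::intended(route('admin.wildcard', '/'));
         }
         return $this->getLogout();
     }

     // Both field errors are always set together, so the response does not
     // reveal whether the e-mail or the password was the wrong part.
     $message = new MessageBag([
         'email' => trans('sentinel::lang.auth.wrong-email'),
         'password' => trans('sentinel::lang.auth.wrong-password'),
     ]);
     return \Redirect::back()->withInput(\Input::except('password'))->withErrors($message);
 }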
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request $request
  * @param  \Closure $next
  * @return mixed
  */
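 public function handle($request, Closure $next)
 {
     // Authorization gate for admin routes. Cast so that a missing
     // 'admin.custom_routes' config entry behaves like an empty list.
     $custom_routes = (array) config('admin.custom_routes');
     $route_name = $request->route()->getName();
     $route_parameters = $request->route()->parameters();

     // Unauthenticated: 401 for AJAX, otherwise redirect to the login page.
     if (!\Sentinel::check()) {
         if ($request->ajax()) {
             return response('Unauthorized.', 401);
         }
         return redirect()->guest(route('admin.login'));
     }

     // An authenticated user may always log out.
     if ($route_name === "admin.logout") {
         return $next($request);
     }

     // Built-in routes that are always checked against the default permission.
     $system_route = starts_with($route_name, "elfinder.")
         || starts_with($route_name, "admin.upload.")
         || starts_with($route_name, 'admin.settings');
     $is_custom_route = $route_name !== null && array_key_exists($route_name, $custom_routes);

     if ($is_custom_route || $system_route) {
         // A system route may have no entry in the custom route list, so the
         // entry is looked up defensively; indexing it unconditionally raised
         // an error for system routes when the permission check failed.
         $route_config = $is_custom_route ? (array) $custom_routes[$route_name] : [];

         // System routes ignore any per-route permission and use the default.
         $config_permissions = (!$system_route && isset($route_config['permission']))
             ? $route_config['permission']
             : null;
         // NOTE(review): 'admin.defaultPermission' is the fallback for every
         // system route - confirm it is always configured and non-empty.
         $check_permissions = !empty($config_permissions)
             ? $config_permissions
             : config('admin.defaultPermission');

         if (\Sentinel::hasAnyAccess($check_permissions)) {
             return $next($request);
         }
         // Routes flagged with 'logout' end the session on a failed check.
         if (!empty($route_config['logout'])) {
             \Sentinel::logout(null, true);
             return redirect()->guest(route('admin.login'));
         }
     } elseif (isset($route_parameters['adminModel'])) {
         // Dynamic permissions: the third segment of the route name is the
         // action; "update" and "store" are checked as "edit" and "create",
         // and a route name without a third segment is checked as "view".
         $route_alias = explode(".", $route_name);
         $action = isset($route_alias[2]) ? $route_alias[2] : 'view';
         if ($action === 'update') {
             $action = 'edit';
         } elseif ($action === 'store') {
             $action = 'create';
         }

         $admin_model = $route_parameters['adminModel'];
         $custom_permission = $admin_model->permission();

         // hasAnyAccess() passes when ANY listed permission is held, so the
         // model's own comma-separated permissions are alternatives to the
         // per-action permission, not additional requirements.
         $model_permissions = is_null($custom_permission) ? [] : explode(",", $custom_permission);
         $model_permissions[] = "admin." . $admin_model->alias() . "." . $action;
         $model_permissions[] = "superadmin";

         if (\Sentinel::hasAnyAccess($model_permissions)) {
             return $next($request);
         }
     }
     // Fail closed. A route that is neither custom nor system and has no
     // bound 'adminModel' also ends here instead of raising an error.
     flash()->error(trans('admin::lang.permission.denied'));
     return redirect()->route('admin.dashboard');
 }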
Beispiel #4
 /**
  * Check if instance is deletable
  * @return bool
  */
 protected function deletable()
 {
     // Already soft-deleted instances cannot be deleted again.
     if ($this->trashed()) {
         return false;
     }

     // NOTE(review): presumably delete($key) only evaluates the model's
     // delete configuration for this instance and returns null when deletion
     // is disabled - confirm it does not perform the deletion itself, since
     // it runs before the permission check below.
     $delete_setting = $this->model()->delete($this->instance->getKey());
     if (is_null($delete_setting)) {
         return false;
     }

     // Finally the current user must hold one of the 'destroy' permissions.
     return (bool) \Sentinel::hasAnyAccess($this->getPermissions('destroy'));
 }
 protected function getParams()
 {
     // Permissions that allow creating an instance of this model; holding
     // any one of them is sufficient (hasAnyAccess).
     $permissions = ['admin.' . $this->model()->alias() . '.create', 'superadmin'];
     if ($this->model()->permission() !== null) {
         $model_specific = explode(',', $this->model()->permission());
         $permissions = array_merge($permissions, $model_specific);
     }

     // View parameters, filled in the same order as before.
     $params = [];
     $params['title'] = $this->title();
     $params['columns'] = $this->allColumns();
     // 'creatable' only controls whether the create action is offered here.
     $params['creatable'] = !is_null($this->model()->create()) && \Sentinel::hasAnyAccess($permissions);
     // Route parameters win over request input on key collisions (array +).
     // NOTE(review): all request input is carried into the create URL -
     // confirm the view escapes it on output.
     $params['createUrl'] = $this->model()->createUrl($this->parameters() + Input::all());
     $params['actions'] = $this->actions();
     $params['dropdowns'] = $this->dropdowns();

     return $params;
 }
Beispiel #6
<?php

// Register admin menu entries for the signed-in user. Each entry is shown
// when the user holds the section's wildcard permission or 'superadmin'.
// NOTE(review): this only controls menu visibility - confirm the routes
// themselves are protected by the admin middleware.
if (Sentinel::check()) {
    // permission => [model class, icon], in display order
    $menu_sections = [
        'admin.menus.*' => [App\Menu::class, 'fa-sitemap'],
        'admin.pages.*' => [App\Page::class, 'fa-file-text-o'],
        'admin.tags.*' => [App\Tag::class, 'fa-tags'],
        'admin.comments.*' => [App\Comment::class, 'fa-comments'],
        'admin.sitemaps.*' => [App\Sitemap::class, 'fa-sitemap'],
    ];
    foreach ($menu_sections as $section_permission => $section_entry) {
        if (Sentinel::hasAnyAccess($section_permission, 'superadmin')) {
            Admin::menu($section_entry[0])->icon($section_entry[1]);
        }
    }
    // Do not leave the loop helpers behind in the including scope.
    unset($menu_sections, $section_permission, $section_entry);
}
/**
 * Menu
 */
//$user = Sentinel::findById(4);
//dd($user);
//$activation = Activation::create($user);
Admin::model('App\\Menu')->title('Menu')->alias('menus')->display(function () {
    $display = AdminDisplay::tree();
    $display->value('lable');
    return $display;
})->createAndEdit(function () {
    $form = AdminForm::form();