/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$userId = Authorizer::getResourceOwnerId();
$projectId = $request->project;
if ($this->repository->isOwner($projectId, $userId) == false) {
return ['error' => 'Access forbidden'];
}
return $next($request);
}
/**
* @param $projectId
* @return array
*/
private function checkProjectOwner($projectId)
{
$userId = Authorizer::getResourceOwnerId();
return $this->repository->isOwner($projectId, $userId);
}
