/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $userId = \Authorizer::getResourceOwnerId(); $projectId = $request->project; if ($this->repository->isOwner($projectId, $userId) == false) { return ['error' => 'Access Forbidden']; } return $next($request); }
private function checkProjectOwner($porjectId) { $userId = Authorizer::getResourceOwnerId(); return $this->repository->isOwner($porjectId, $userId); }