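/**
 * Verifies that a route filter can resolve the permission mapped to the
 * controller action being served and that the ACL grants it to the current user.
 *
 * The controller is a Mockery double: `tests` is the routed action and
 * `getActionPermissions` supplies the action => permission map.
 *
 * NOTE(review): only the "permitted" path is exercised here. A companion test
 * in which the user lacks the permission (and the request is refused) would
 * show that the check can actually deny.
 */
public function testPermissionsCanBeSetForRoutes()
{
    $user = $this->createUserWithRoles();
    \ACL::setUser($user);

    $controller = Mockery::mock('\\ApiController');
    $controller->shouldReceive('tests')->once()->andReturn(\Response::json(['success' => 'great']));
    // once(): if the filter below never runs, this expectation is left unmet.
    // Presumably Mockery expectations are verified in tearDown; confirm.
    $controller->shouldReceive('getActionPermissions')->once()->andReturn(['tests' => 'job.apply']);

    \Route::enableFilters();
    \Route::filter('test.permissions.filter', function ($route) {
        // Relative path: resolved against the include path / working directory of the test run.
        require 'app/acl.php';

        // 'uses' holds [controller instance, method name] for this route.
        $uses = $route->getAction()['uses'];
        $permissions = $uses[0]->getActionPermissions();
        $perm = $permissions[$uses[1]];

        // Assert on the permission that was looked up, not on a hard-coded copy,
        // so a broken action => permission lookup fails the test.
        $this->assertSame('job.apply', $perm);
        $this->assertTrue(ACL::permits($perm, $route->parameters()));
    });

    \Route::get('/test/perms/{id}', [$controller, 'tests'])->after('test.permissions.filter');

    $this->call('GET', '/test/perms/3');

    $this->assertResponseOk();
}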
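// NOTE(review): this excerpt opens part-way through a route filter closure; the
// filter's name and the guard that ends in the `return` below are not visible here.
        return;
    }

    // The current route action is split on '@' into controller class and method name.
    $closure = explode('@', \Route::currentRouteAction());
    $controllerClass = $closure[0];
    $controllerMethod = $closure[1];

    $permissionsDefinitionClass = 'Motibu\\Permitters\\Definitions\\' . $controllerClass . 'Permissions';

    // NOTE(review): when no definitions class exists for the controller, nothing
    // below runs and the request proceeds without any ACL check, so the filter
    // allows by default. Confirm that is intended; denying by default and listing
    // public actions explicitly is the safer arrangement.
    if (class_exists($permissionsDefinitionClass)) {
        $permissionsMap = (new $permissionsDefinitionClass())->getPermissions();

        // no permissions needed for action
        // NOTE(review): an action that is simply missing from the map is treated
        // the same way, so a newly added controller method is reachable unchecked
        // until someone adds an entry for it.
        if (!isset($permissionsMap[$controllerMethod])) {
            return;
        }

        $permissions = $permissionsMap[$controllerMethod];

        // Every listed permission must be granted (logical AND).
        // Assumes each map entry is a list of permission names (TODO confirm);
        // a bare string would not be iterated and $permits would stay true.
        $permits = true;
        foreach ($permissions as $permission) {
            $permits = $permits && ACL::permits($permission, $route->parameters());
        }

        if (!$permits) {
            \App::abort(403, 'Unauthorized action.');
        }
    }
});

// Allow cross origin requests
// Sets `Access-Control-Allow-Origin: *` on the response, so script running on any
// origin may read it. Browsers refuse the wildcard for credentialed (cookie)
// requests, but it places no limit on callers that attach their own
// Authorization header.
// NOTE(review): if only known front-ends should call this API, return the request's
// Origin when it is on an allow-list (and add `Vary: Origin`) instead of `*`.
\Route::filter('allow_cross_origin', function ($route, $request, $response) {
    $response->header('Access-Control-Allow-Origin', '*');
});

// Copies the raw Authorization header onto the framework request object.
// Presumably this covers server setups where the header does not reach the
// request on its own; confirm. The closure continues past the end of this excerpt.
\Route::filter('oauth.add_auth_header', function ($route, $request) {
    $headers = getallheaders();
    if (isset($headers['Authorization'])) {
        $request->headers->set('Authorization', $headers['Authorization']);
    }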