Ejemplo n.º 1
 /**
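  * Handle an incoming request: authorize it by role when extra middleware
  * parameters are passed, otherwise by permission, and only then pass it on.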
  *
  * @param  Request $request
  * @param  \Closure $next
  *
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     list($controller, $action) = $this->getControllerAndAction();
     $bindings = $this->getBindings();
     /** @var Roleable $user */
     $user = $this->auth->user();

     // Anything passed after ($request, $next) is a middleware parameter;
     // those parameters are handed to getAllowedRoles() as the role list.
     $roleParameters = array_slice(func_get_args(), 2);

     if ($roleParameters !== []) {
         // Role mode: a guest (no authenticated user) passes only when the
         // guest role is among the allowed roles; an authenticated user
         // passes only when hasRole() accepts the allowed roles.
         $roles = $this->getAllowedRoles($roleParameters);
         // NOTE(review): in_array() compares loosely here. If role identifiers
         // are always strings, passing true as the third argument would rule
         // out type-juggling matches - confirm what getGuestRole() and
         // getAllowedRoles() return before tightening it.
         $authorized = $user
             ? (bool) $user->hasRole($roles)
             : in_array($this->getGuestRole(), $roles);
     } else {
         // Permission mode: ask the gate whether this user may perform the
         // action, passing the controller followed by the bindings.
         $gateArguments = array_merge([$controller], $bindings);
         $authorized = (bool) $this->gate->forUser($user)->check($action, $gateArguments);
     }

     if ($authorized) {
         return $next($request);
     }

     // Deny path: the attempt is reported first, then the error response is
     // returned and $next is never invoked.
     $this->reportUnauthorizedAttempt($controller, $action, $request, $bindings);

     return $this->errorResponse($request);
 }