/**
 * Authorize the incoming request, then pass it on or reject it.
 *
 * The method works in one of two modes, chosen by how it was called:
 *  - Role mode: any arguments supplied after $next are resolved to the
 *    allowed roles via getAllowedRoles(). An unauthenticated visitor
 *    passes only when the guest role is in that list; an authenticated
 *    user passes only when hasRole() accepts the list. The gate is not
 *    consulted in this mode.
 *  - Permission mode: with no extra arguments, the gate is asked whether
 *    the user may perform $action on the controller plus route bindings.
 *
 * A denied request is reported through reportUnauthorizedAttempt() and
 * answered with errorResponse(); $next is never invoked for it.
 *
 * @param Request  $request
 * @param \Closure $next
 *
 * @return mixed Result of $next($request) when authorized, otherwise the
 *               value returned by errorResponse().
 */
public function handle($request, Closure $next)
{
    list($controller, $action) = $this->getControllerAndAction();
    $bindings = $this->getBindings();

    /** @var Roleable $user */
    $user = $this->auth->user();

    // Everything after ($request, $next) is treated as a role argument.
    $passed = func_get_args();
    $roleArgs = array_slice($passed, 2);

    if (count($roleArgs) > 0) {
        // Role based authorization
        $roles = $this->getAllowedRoles($roleArgs);

        // NOTE(review): in_array() runs without the strict flag, so the guest
        // role is matched with loose comparison. Confirm that getGuestRole()
        // and getAllowedRoles() yield values of the same type, or pass `true`
        // as the third argument so type juggling cannot grant guest access.
        $authorized = $user
            ? (bool) $user->hasRole($roles)
            : in_array($this->getGuestRole(), $roles);
    } else {
        // Permission based authorization
        // NOTE(review): $user can be null here (no authenticated user); how
        // the gate treats a null user is not visible in this method. Confirm
        // that it denies.
        $subject = array_merge([$controller], $bindings);
        $authorized = (bool) $this->gate->forUser($user)->check($action, $subject);
    }

    if ($authorized) {
        return $next($request);
    }

    // Not authorized: record the attempt and answer with the error response.
    $this->reportUnauthorizedAttempt($controller, $action, $request, $bindings);

    return $this->errorResponse($request);
}