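/**
 * Handle an incoming request: authorise the JWT-authenticated caller for
 * the given action (and optional resource) before passing the request on.
 *
 * The action/resource pair comes from the route's middleware declaration
 * (e.g. `permission:update`), not from request input.
 *
 * @param Request     $request  The incoming request.
 * @param Closure     $next     The next middleware in the pipeline.
 * @param string      $action   Lock action name to check (e.g. 'readOne').
 * @param string|null $resource Optional resource name the action applies to.
 * @return mixed The response produced by the rest of the pipeline.
 * @throws ForbiddenException When there is no authenticated caller or the
 *                            caller is not permitted to perform the action.
 */
public function handle(Request $request, Closure $next, $action, $resource = null)
{
    $user = $this->jwtAuth->getUser();

    // Fail closed: without an authenticated caller there is nothing to
    // authorise. Checking explicitly avoids a method call on null (an
    // uncaught Error) and keeps the failure an authorisation failure.
    // NOTE(review): an unauthenticated caller arguably deserves a 401 rather
    // than a 403 — switch to an "unauthorized" exception if the app has one.
    if ($user === null) {
        throw new ForbiddenException();
    }

    // Attach the lock to the caller so `$user->can()` is resolved against
    // the permissions configured for this controller. The return value is
    // not needed here; the call is made for its effect on the caller.
    $this->lock->makeCallerLockAware($user);

    if (!$user->can($action, $resource)) {
        throw new ForbiddenException();
    }

    return $next($request);
}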
/**
 * Configure the Lock roles, permissions and route middleware for this
 * controller.
 *
 * Admins may perform every action; guests may read or update a single
 * record only when the ownership condition holds. Each controller action
 * is then guarded by the `permission:<action>` middleware.
 *
 * @param Request $request The incoming request; its last URL segment is
 *                         passed to the ownership condition.
 * @return void
 */
public function permissions(Request $request)
{
    $this->lock->setRole(User::$userTypes);

    $caller = $this->jwtAuth->user();

    // Ownership condition for guest access. The candidate id is the last
    // URL segment of the current request.
    // NOTE(review): this assumes the record id is always the final path
    // segment; routes with trailing segments would be checked against the
    // wrong value — confirm against the route definitions.
    $ownerCondition = [User::class, 'userIsOwner', $caller, last($request->segments())];

    $this->lock->role(User::USER_TYPE_ADMIN)
        ->permit(['readAll', 'readOne', 'update', 'delete']);

    $this->lock->role(User::USER_TYPE_GUEST)
        ->permit(['readOne', 'update'], [$ownerCondition]);

    // Map each Lock action onto the controller method it protects.
    $guardedActions = [
        'readAll' => 'getAllPaginated',
        'readOne' => 'getOne',
        'update'  => 'patchOne',
        'delete'  => 'deleteOne',
    ];

    foreach ($guardedActions as $action => $method) {
        $this->middleware('permission:' . $action, ['only' => $method]);
    }
}