/**
 * Gate a request on the presence of a valid store user in the session.
 *
 * The request is passed on when either
 *   - the config value `webpanel.ignore_permissions` is truthy (every check
 *     below is skipped, so no session is required at all), or
 *   - the session holds a `store_user_id` that resolves to a StoreUser.
 *
 * Every other request is redirected to the `userpanel.auth.index` route with
 * a login error. The admin/permission path is only sketched in the
 * commented-out block below and is NOT active.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // Global bypass: when this flag is on, downstream code runs without any
    // store user in the session. NOTE(review): presumably meant for
    // development only; confirm it cannot be enabled in production.
    if (config('webpanel.ignore_permissions')) {
        return $next($request);
    }

    // 'not-set' is the sentinel returned when the session has no store_user_id.
    $sessionUserId = $request->session()->get('store_user_id', 'not-set');
    $hasSessionUser = $sessionUserId != "not-set";

    // The id must also resolve to an existing StoreUser; an id left over in
    // the session for a user that no longer exists is treated as logged out.
    if ($hasSessionUser && StoreUser::find($sessionUserId) != null) {
        return $next($request);
    }

    // TODO: Implement a way for a admin to impersonate a store user
    // NOTE(review): the disabled inner check in this sketch would let through
    // any route that has no `route_perms` entry; when this is implemented, a
    // missing entry should deny rather than allow.
    //
    // //Check if the user is logged into the webpanel
    // if ($this->auth->check()) {
    //     //Get the name of the route and the permission required for the route
    //     $routeName = $request->route()->getName();
    //     $routePermission = config('route_perms.' . $routeName);
    //
    //     //Check if the permissions is set
    //     //if ($routePermission == "" || $routePermission == NULL) {
    //     //    return $next($request);
    //     //}
    //
    //     //If the permission is set, check if the user has got the permission
    //     if (!$this->auth->user()->can($routePermission)) {
    //         //TODO: Change the URL
    //         return redirect()->route('userpanel.auth.index')->withErrors(['You do not have the permission that is required to perform this action']);
    //     }
    // }

    // No session user, or the id did not resolve: send the visitor to login.
    return redirect()->route('userpanel.auth.index')->withErrors(['You need to login to be able to use this application']);
}
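/**
 * Returns the Datatables data for the items of the current store user.
 *
 * The user is resolved from the `store_user_id` session value only, never
 * from request input, so a caller can list nothing but their own items.
 *
 * @param  Request  $request
 * @return mixed
 */
public function getUserData(Request $request)
{
    $user = StoreUser::find($request->session()->get('store_user_id'));

    // find() returns null when the session carries no id or a stale one.
    // Fail with an explicit 401 instead of a fatal error on `null->items()`.
    if ($user === null) {
        abort(401);
    }

    $useritems = $user->items();

    return Datatables::of($useritems)
        ->addColumn('action', function ($item) {
            // Render the per-row action partial of the configured template.
            return view(
                'templates.' . \Config::get('userpanel.template') . 'userpanel.useritems._sellactions',
                compact('item')
            )->render();
        })
        ->make(true);
}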
/**
 * Registers a view composer that feeds the userpanel header with the
 * current store user's credits, item and loadout counts, the five most
 * recently acquired items and the name of the equipped loadout.
 *
 * @return void
 */
public function ComposeUserPanelHeader()
{
    // NOTE(review): the template prefix is read from `webpanel.template`
    // although the view lives under `userpanel`; confirm the config key.
    $headerView = 'templates.' . \Config::get('webpanel.template') . 'userpanel.includes.header';

    view()->composer($headerView, function ($view) {
        // NOTE(review): find() yields null when the session has no valid
        // store_user_id, and the accesses below would then fail. Presumably
        // this header is only rendered behind the login check; confirm.
        $storeUser = StoreUser::find(session("store_user_id"));

        $creditBalance = $storeUser->credits;
        $itemTotal = $storeUser->items()->count();
        $recentItems = $storeUser->items()->orderBy('acquire_date', 'desc')->take(5)->get();
        $ownedLoadoutTotal = $storeUser->owned_loadouts()->count();
        $subscribedLoadoutTotal = $storeUser->subscribed_loadouts()->count();

        // Name of the equipped loadout, or null when none is equipped.
        $equippedLoadoutName = null;
        if ($storeUser->equipped_loadout != null) {
            $equippedLoadoutName = $storeUser->equipped_loadout->display_name;
        }

        $view->with('latest_items', $recentItems)
            ->with('username', session("store_user_name"))
            ->with('credits', $creditBalance)
            ->with('owned_item_count', $itemTotal)
            ->with('owned_loadout_count', $ownedLoadoutTotal)
            ->with('subscribed_loadout_count', $subscribedLoadoutTotal)
            ->with('equipped_loadout_name', $equippedLoadoutName);
    });
}