/**
  * Authorize the current user against the menu item resolved for this request.
  *
  * A deactivated item is refused for every caller, including users rated
  * 'super'. For an activated item, a 'super' rating skips the gate; every
  * other user must pass the gate's 'access' ability on the item.
  *
  * NOTE(review): getRating() is called on whatever Auth::user() returns, with
  * no null check. Presumably the framework hands back a guest object for
  * anonymous visitors; confirm, otherwise an anonymous request ends in an
  * error instead of an access-denied response.
  *
  * @return void
  * @throws AccessDeniedHttpException when the item is deactivated or access is denied
  */
 protected function checkPermission()
 {
     $menuItem = $this->getMenuItem();
     $currentUser = Auth::user();
     $rating = $currentUser->getRating();

     // Deactivated items are closed to everyone; the 'super' bypass below
     // is never reached for them.
     if (!$menuItem->activated) {
         throw new AccessDeniedHttpException();
     }

     // Only non-super users are put through the gate. Written as two separate
     // checks so the decision does not hinge on && binding tighter than ||.
     $isSuper = $rating === 'super';
     if (!$isSuper && $this->gate->denies('access', $menuItem)) {
         throw new AccessDeniedHttpException();
     }
 }
 /**
  * Enforce the page's ACL before handing the request to the next middleware.
  *
  * When ACL is enabled for the page, a caller the guard does not recognise
  * is redirected to the 'login' route, and a recognised caller whom the gate
  * denies the 'view' ability is aborted with 403. When ACL is disabled, this
  * middleware performs no authentication or authorization check at all, so
  * any protection for such pages has to come from elsewhere.
  *
  * @param \Illuminate\Http\Request $request
  * @param \Closure                 $next
  *
  * @return mixed the login redirect, or whatever the next handler returns
  */
 public function handle(Request $request, Closure $next)
 {
     // ACL switched off for this page: pass straight through, unchecked.
     if (!$this->page->aclEnabled()) {
         return $next($request);
     }

     // Authentication first, so anonymous callers are sent to log in
     // rather than shown a 403.
     $isAuthenticated = $this->guard->check();
     if (!$isAuthenticated) {
         return new RedirectResponse(route('login'));
     }

     // Authorization: the gate decides whether this user may view the page.
     if ($this->gate->denies('view', $this->page)) {
         abort(403);
     }

     return $next($request);
 }
 /**
  * Render the navigation markup for a set of items.
  *
  * Each entry is either the literal string 'splitter', rendered as a
  * separator <li>, or an array with 'route', 'icon' and 'title' keys plus
  * optional 'permission' and 'options' keys. An entry whose 'permission'
  * the gate denies is left out; an entry without a 'permission' key is
  * always rendered.
  *
  * Omitting a link only hides it from the menu. It does not protect the
  * target route, which must enforce the same permission itself.
  *
  * NOTE(review): route, icon and title are passed to navigationModuleLink()
  * as-is; escaping is presumably done there. Confirm if any of these values
  * can come from user-editable data.
  *
  * @param array $items
  * @return string concatenated HTML, empty when nothing is rendered
  */
 public function makeNavigationLinks(array $items)
 {
     $fragments = [];

     foreach ($items as $entry) {
         if ($entry === 'splitter') {
             $fragments[] = '<li class="dropdown-sub__splitter navigation-module-sub__splitter"></li>';
             continue;
         }

         // The gate is consulted only for entries that declare a permission.
         $isHidden = isset($entry['permission']) && $this->gate->denies($entry['permission']);
         if ($isHidden) {
             continue;
         }

         $linkOptions = isset($entry['options']) ? $entry['options'] : [];
         $fragments[] = $this->navigationModuleLink(
             $entry['route'],
             $entry['icon'],
             $entry['title'],
             $linkOptions
         );
     }

     return implode('', $fragments);
 }
 /**
  * Check whether the current request is permitted. A Guest is always
  * refused, and a super administrator always passes.
  *
  * For every other user, the route action must carry a 'permission' id and
  * the gate must allow 'access' on the 'settings.<id>' instance. A route
  * that declares no permission id is refused, so a missing declaration
  * fails closed.
  *
  * @param Request $request current request
  *
  * @throws \Xpressengine\Permission\Exceptions\NotSupportedException
  * @throws AccessDeniedHttpException when the request is not permitted
  * @return void
  */
 protected function checkPermission(Request $request)
 {
     $currentUser = $request->user();

     // Anonymous visitors never get through, whatever the route declares.
     if ($currentUser instanceof Guest) {
         throw new AccessDeniedHttpException();
     }

     // Super administrators skip the per-route permission lookup entirely.
     $isSuper = $currentUser->getRating() === Rating::SUPER;
     if ($isSuper) {
         return;
     }

     $action = $request->route()->getAction();
     $permissionId = array_get($action, 'permission');

     // The null check comes first and short-circuits, so the gate is only
     // consulted for a route that actually declares a permission id.
     if ($permissionId === null
         || $this->gate->denies('access', new Instance('settings.' . $permissionId))
     ) {
         throw new AccessDeniedHttpException();
     }
 }