/**
 * Ensure the current user may access the current menu item.
 *
 * A deactivated item is refused for everyone, including users rated 'super'.
 * For an activated item, 'super' users skip the gate check and everyone else
 * must pass the 'access' ability on the item.
 *
 * NOTE(review): assumes Auth::user() always yields an object exposing
 * getRating() (e.g. a guest placeholder rather than null) — confirm against
 * the auth setup, since a null user would fail with an error instead of an
 * access-denied response.
 *
 * @return void
 *
 * @throws AccessDeniedHttpException when the item is deactivated or the gate denies access
 */
protected function checkPermission()
{
    $menuItem = $this->getMenuItem();
    $currentUser = Auth::user();
    $userRating = $currentUser->getRating();

    // Deactivated items are closed to all ratings; this check runs before the 'super' bypass.
    if (!$menuItem->activated) {
        throw new AccessDeniedHttpException();
    }

    // 'super' users are exempt from the gate on activated items.
    if ($userRating === 'super') {
        return;
    }

    if ($this->gate->denies('access', $menuItem)) {
        throw new AccessDeniedHttpException();
    }
}
/**
 * Handle an incoming request.
 *
 * When ACL is enabled for the page, an unauthenticated visitor is redirected
 * to the 'login' route and an authenticated visitor who fails the 'view'
 * ability is answered with 403. When ACL is disabled, the request passes
 * through without any authentication or authorization check in this method.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle(Request $request, Closure $next)
{
    // Nothing is enforced here for pages that have ACL switched off.
    if (!$this->page->aclEnabled()) {
        return $next($request);
    }

    // Authentication comes first, so anonymous visitors are sent to log in rather than shown a 403.
    $isAuthenticated = $this->guard->check();
    if (!$isAuthenticated) {
        return new RedirectResponse(route('login'));
    }

    $viewDenied = $this->gate->denies('view', $this->page);
    if ($viewDenied) {
        abort(403);
    }

    return $next($request);
}
/**
 * Build the HTML for a set of navigation items.
 *
 * The literal string 'splitter' renders a separator <li>. Any other item is
 * rendered through navigationModuleLink() unless it declares a 'permission'
 * that the gate denies. Items without a 'permission' key are always rendered.
 *
 * NOTE(review): this only controls which links are emitted; it performs no
 * check on the target routes, which presumably enforce their own
 * authorization — confirm.
 *
 * @param array $items each entry is 'splitter' or an array with 'route', 'icon', 'title'
 *                     and optionally 'permission' and 'options'
 * @return string
 */
public function makeNavigationLinks(array $items)
{
    $fragments = [];

    foreach ($items as $entry) {
        if ($entry === 'splitter') {
            $fragments[] = '<li class="dropdown-sub__splitter navigation-module-sub__splitter"></li>';
            continue;
        }

        // Only entries that name a permission are filtered through the gate.
        $requiresPermission = isset($entry['permission']);
        if ($requiresPermission && $this->gate->denies($entry['permission'])) {
            continue;
        }

        $route = $entry['route'];
        $icon = $entry['icon'];
        $title = $entry['title'];

        $linkOptions = [];
        if (isset($entry['options'])) {
            $linkOptions = $entry['options'];
        }

        $fragments[] = $this->navigationModuleLink($route, $icon, $title, $linkOptions);
    }

    return implode('', $fragments);
}
/**
 * Check whether the current request is permitted.
 *
 * A Guest is always denied and a super administrator is always allowed. Any
 * other user must pass the 'access' ability on the settings permission named
 * by the route's 'permission' action. A route that declares no 'permission'
 * is denied (fail closed).
 *
 * NOTE(review): assumes $request->user() returns a Guest instance rather than
 * null for anonymous requests — confirm against the auth setup.
 *
 * @param Request $request current request
 *
 * @throws AccessDeniedHttpException when the user is a Guest, the route has no permission, or the gate denies
 * @throws \Xpressengine\Permission\Exceptions\NotSupportedException not thrown directly here; presumably raised
 *                                                                   by the permission layer — confirm
 * @return void
 */
protected function checkPermission(Request $request)
{
    $currentUser = $request->user();

    if ($currentUser instanceof Guest) {
        throw new AccessDeniedHttpException();
    }

    // Super administrators bypass the per-route permission lookup entirely.
    $isSuper = $currentUser->getRating() === Rating::SUPER;
    if ($isSuper) {
        return;
    }

    $currentRoute = $request->route();
    $permissionName = array_get($currentRoute->getAction(), 'permission');

    // A missing permission short-circuits to denial before the gate is consulted.
    if ($permissionName === null
        || $this->gate->denies('access', new Instance('settings.' . $permissionName))
    ) {
        throw new AccessDeniedHttpException();
    }
}