/**
* Run the request filter.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $permission
* @return mixed
*/
public function handle($request, \Closure $next, $permission = null)
{
$route = $request->route();
if (empty($permission)) {
$permissions = $this->resolvePermissions($route);
} else {
$permissions = [$permission];
}
foreach ($permissions as $permission) {
if (!Auth::check() || !$this->manager->checkAccess(Auth::user(), $permission, $route->parameters())) {
throw new AccessDeniedHttpException();
}
}
return $next($request);
}
public function allowed($itemName, $params = [])
{
return Rbac::checkAccess($this, $itemName, $params);
}
