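|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

Route::filter('csrf', function () {
    $sessionToken = Session::token();
    $requestToken = Input::get('_token');

    // Fail closed when the session holds no usable token: otherwise a
    // request that simply omits `_token` would compare null against null
    // and be accepted.
    $hasSessionToken = is_string($sessionToken) && $sessionToken !== '';

    // The comparison must be strict. A loose `!=` type-juggles a non-string
    // `_token` before comparing, so a value of another type can compare
    // equal to the session token and the mismatch goes undetected.
    // NOTE(review): where PHP >= 5.6 is guaranteed, a constant-time
    // comparison (hash_equals() on two strings) is preferable to `!==`.
    if (!$hasSessionToken || $sessionToken !== $requestToken) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});

/*
|--------------------------------------------------------------------------
| Roles & Permissions Filters
|--------------------------------------------------------------------------
|
| Each rule maps a route pattern to a list of roles or permissions and to
| the redirect issued when the check fails. The trailing `false` is
| presumably Entrust's "require all" flag, i.e. holding any one of the
| listed entries is enough; confirm against the installed Entrust version.
|
*/

// NOTE(review): the 'admin' pattern carries no wildcard, unlike the
// 'admin/...*' patterns below. Confirm that admin sub-routes not listed
// here are covered by another rule or filter.
Entrust::routeNeedsRole(
    'admin',
    ['Administrator', 'Users Manager', 'Premium Author', 'Author', 'Eraser'],
    Redirect::to('/'),
    false
);

Entrust::routeNeedsPermission(
    'admin/xcasts*',
    ['manage_premium_casts', 'manage_free_casts', 'delete_casts'],
    Redirect::to('admin'),
    false
);

Entrust::routeNeedsPermission(
    'admin/series*',
    ['manage_series', 'delete_series'],
    Redirect::to('admin'),
    false
);

Entrust::routeNeedsPermission(
    'admin/users*',
    ['manage_users', 'delete_users'],
    Redirect::to('admin'),
    false
);

// Restricts access to xcasts whose `levels` value is above zero (treated as
// "premium", going by the filter name) to users holding either the
// 'manage_premium_casts' or the 'delete_casts' permission.
Route::filter('can_manage_premium_casts', function () {
    $xcast = Xcast::find(Route::input('xcasts'));

    // find() returns null when the route parameter matches no record.
    // Deny in that case instead of dereferencing null, so the decision
    // never depends on how a property read on null happens to behave.
    if ($xcast === null) {
        return Redirect::to('admin');
    }

    $mayTouchPremium = Entrust::can('manage_premium_casts') || Entrust::can('delete_casts');

    if ($xcast->levels > 0 && !$mayTouchPremium) {
        return Redirect::to('admin');
    }
});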
/**
 * Render the 'admin.xcasts.upload_video' view for the xcast with the given id.
 *
 * The result of Xcast::find() is passed to the view as-is under the key
 * 'xcast', so the view receives null when no record matches $id.
 *
 * @param  mixed  $id  Identifier handed to Xcast::find().
 * @return mixed  Whatever View::make() returns for the upload view.
 */
public function uploadVideo($id)
{
    // NOTE(review): no authorization check happens in this method; access
    // control is presumably enforced by route filters. Confirm that the
    // route bound to this action is covered by them.
    return View::make('admin.xcasts.upload_video', [
        'xcast' => Xcast::find($id),
    ]);
}