/**
 * List staff on the index page (GET /staff).
 *
 * Administrators receive every Staff record; any other user receives only
 * the records returned by the Staff::ofCentres() scope for that user.
 *
 * NOTE(review): the authenticated user is dereferenced without a null check,
 * so this presumably relies on the route sitting behind auth middleware.
 * Confirm against the route definition.
 *
 * @return Response the rendered 'staff.index' view
 */
public function index()
{
    $user = Auth::user();

    // The visibility decision is made here, server-side, before any data
    // reaches the view: non-admins never load staff outside their centres.
    $visibleStaff = $user->is_admin
        ? Staff::all()
        : Staff::ofCentres($user)->get();

    return view('staff.index', ['centreStaff' => $visibleStaff]);
}
/**
 * Restrict access to a staff profile to users responsible for that staff member.
 *
 * Administrators pass straight through. For everyone else the 'staff' route
 * parameter must appear among the staff_id values of the staff belonging to
 * the centres the authenticated user is in charge of; otherwise the request
 * is redirected to /staff.
 *
 * NOTE(review): contains() is called with a single value, which presumably
 * compares loosely, while the route parameter normally arrives as a string.
 * Confirm the staff_id type and that downstream lookups use the same
 * normalised value that was checked here.
 * NOTE(review): assumes the 'staff' route parameter is the raw id rather than
 * a bound model. Verify against the route definition.
 * NOTE(review): a denied request is answered with a redirect, not a 403, and
 * nothing is logged in this method; consider recording denials so repeated
 * attempts on other centres' profiles are visible.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $user = $this->auth->user();

    // Admins are not subject to the per-centre restriction.
    if ($user->is_admin) {
        return $next($request);
    }

    // Ids of all staff in the centres this user is in charge of.
    $permittedIds = collect(Staff::ofCentres($user)->get()->lists('staff_id'));
    $requestedStaff = $request->route()->parameter('staff');

    if ($permittedIds->contains($requestedStaff)) {
        return $next($request);
    }

    // Requested profile is outside the user's centres: send them back to the list.
    return redirect('/staff');
}