/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$route = $this->router->current()->methods()[0] . ' /' . $this->router->current()->uri();
$isPermissionAllRoutes = RoutePermissionModel::getRoutePermissionsRoles('*');
if ($isPermissionAllRoutes) {
if (($user = $this->user($request)) === 401) {
return response()->json(null, 401);
}
$hasRole = $user->hasRole($isPermissionAllRoutes->roles, false);
$hasPerms = $user->can($isPermissionAllRoutes->permissions, false);
$hasRolePerm = $hasRole || $hasPerms || is_array($isPermissionAllRoutes->roles) && in_array('@', $isPermissionAllRoutes->roles);
if (!$hasRolePerm) {
return response()->json(null, 403);
}
}
$routePermission = RoutePermissionModel::getRoutePermissionsRoles($route);
if ($routePermission) {
if (($user = $this->user($request)) === 401) {
return response()->json(null, 401);
}
$hasRole = $user->hasRole($routePermission->roles, false);
$hasPerms = $user->can($routePermission->permissions, false);
$hasRolePerm = $hasRole || $hasPerms || is_array($routePermission->roles) && in_array('@', $routePermission->roles);
if (!$hasRolePerm) {
return response()->json(null, 403);
}
}
return $next($request);
}
/**
* index
* @return json
*/
public function index(Request $request)
{
$routePermissions = RoutePermission::browse(['order' => [Input::get('sort', 'id') => Input::get('direction', 'desc')], 'limit' => $limit = (int) Input::get('limit', 25), 'offset' => (Input::get('page', 1) - 1) * $limit, 'filters' => $request->all()]);
return response()->json(arrayView('phpsoft.users::routePermission/browse', ['routePermissions' => $routePermissions]), 200);
}
public function testSetRoutePermissionAllRouterAndCurrentRouteAdminAccess()
{
RoutePermission::setRouteRoles('*', ['@']);
RoutePermission::setRouteRoles('POST /blog/{id}', ['admin']);
// has login, is admin
$credentials = ['email' => '*****@*****.**', 'password' => '123456'];
$token = JWTAuth::attempt($credentials);
$res = $this->call('POST', '/blog/1', [], [], [], ['HTTP_Authorization' => "Bearer {$token}"]);
$this->assertEquals(200, $res->getStatusCode());
}
public function testBrowseWithOrderRightParams()
{
$routePermissions = [];
for ($i = 0; $i < 10; ++$i) {
$routePermissions[] = factory(RoutePermission::class)->create(['route' => 'Route ' . $i, 'permissions' => json_encode(['permissions' . $i]), 'roles' => json_encode(['roles' . $i])]);
}
$routePermissionsID = RoutePermission::select('*')->orderBy('id', 'desc')->get();
$routePermissionsRoute = RoutePermission::select('*')->orderBy('permissions', 'desc')->get();
$routePermissionsPermissions = RoutePermission::select('*')->orderBy('roles', 'desc')->get();
// check order route permissions with full input
$res = $this->call('GET', '/routePermissions?sort=route&direction=desc');
$this->assertEquals(200, $res->getStatusCode());
$results = json_decode($res->getContent());
for ($i = 0; $i < count($routePermissionsRoute); ++$i) {
$this->assertEquals($routePermissionsRoute[$i]->id, $results->entities[$i]->id);
}
$res = $this->call('GET', '/routePermissions?sort=route&direction=asc');
$this->assertEquals(200, $res->getStatusCode());
$results = json_decode($res->getContent());
for ($i = 0; $i < count($routePermissionsRoute); ++$i) {
$this->assertEquals($routePermissionsRoute[9 - $i]->id, $results->entities[$i]->id);
}
// check order route permission with other fields
$res = $this->call('GET', '/routePermissions?sort=permissions');
$this->assertEquals(200, $res->getStatusCode());
$results = json_decode($res->getContent());
for ($i = 0; $i < count($routePermissionsPermissions); ++$i) {
$this->assertEquals($routePermissionsPermissions[$i]->id, $results->entities[$i]->id);
}
// check order route permissions with equals value of order field, route permission is sorted follow id field with desc
$routePermissions = [];
for ($i = 0; $i < 10; ++$i) {
if (in_array($i, [2, 4, 6])) {
$routePermissions[] = factory(RoutePermission::class)->create(['permissions' => json_encode(['permissions']), 'roles' => json_encode(['roles' . $i])]);
}
$routePermissions[] = factory(RoutePermission::class)->create(['permissions' => json_encode(['permissions' . $i]), 'roles' => json_encode(['roles' . $i])]);
}
$routePermissions1 = RoutePermission::where('route', '=', ['permissions'])->orderBy('id', 'desc')->get();
$routePermissions2 = RoutePermission::where('route', '<>', ['permissions'])->orderBy('order', 'asc')->get();
$routePermissions = array_merge((array) $routePermissions1, (array) $routePermissions2);
$res = $this->call('GET', '/routePermissions?sort=permissions&direction=asc');
$this->assertEquals(200, $res->getStatusCode());
$results = json_decode($res->getContent());
for ($i = 1; $i < count($routePermissions); ++$i) {
$this->assertEquals($routePermissions[$i]->id, $results->entities[$i]->id);
}
}
