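/**
 * Handle an incoming request.
 *
 * Gate-keeps the admin area. Unauthenticated users are sent to the login
 * route (401 for AJAX); `admin.logout` is always let through; routes that
 * carry no parameters (dashboard, uploads, elFinder) need `superadmin` or
 * `controlpanel`; every other route is checked against a permission derived
 * from the route name and the route-bound `adminModel`. Anything that does
 * not match one of those grants falls through to "Permission denied.".
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if (!\Sentinel::check()) {
        if ($request->ajax()) {
            return response('Unauthorized.', 401);
        }

        return redirect()->guest(route('admin.login'));
    }

    $route = $request->route();
    // Unnamed routes yield null; coerce so starts_with()/explode() see a string.
    $routeName = (string) $route->getName();
    $parameters = $route->parameters();

    // Logging out must stay possible whatever permissions the user holds.
    if ($routeName === 'admin.logout') {
        return $next($request);
    }

    if (count($parameters) === 0) {
        // Dashboard or some custom page: not tied to an admin model, so these
        // are guarded by the two control-panel permissions only.
        $isSystemRoute = $routeName === 'admin.dashboard'
            || starts_with($routeName, 'admin.upload.')
            || starts_with($routeName, 'elfinder.');

        if ($isSystemRoute) {
            if (\Sentinel::hasAnyAccess(['superadmin', 'controlpanel'])) {
                return $next($request);
            }

            // A logged-in user without control-panel access is logged out
            // (second argument is presumably Sentinel's "everywhere" flag —
            // confirm) instead of merely being denied.
            \Sentinel::logout(null, true);

            return redirect()->guest(route('admin.login'));
        }
    } elseif (isset($parameters['adminModel'])) {
        // Use dynamic permissions: "admin.<alias>.<action>", where the action
        // is the third segment of the route name. A missing segment means
        // "view"; the write actions map onto their form counterparts.
        $model = $parameters['adminModel'];
        $segments = explode('.', $routeName);
        $action = $segments[2] ?? 'view';
        if ($action === 'update') {
            $action = 'edit';
        } elseif ($action === 'store') {
            $action = 'create';
        }

        // A model may declare its own comma-separated permission list; any of
        // those grants access to every action on the model, on top of the
        // per-action permission and the global superadmin.
        $customPermissions = $model->permission();
        $modelPermissions = is_null($customPermissions)
            ? []
            : explode(',', $customPermissions);
        $modelPermissions[] = 'admin.' . $model->alias() . '.' . $action;
        $modelPermissions[] = 'superadmin';

        if (\Sentinel::hasAnyAccess($modelPermissions)) {
            return $next($request);
        }
    }
    // A parameterised route with no bound adminModel has no permission to
    // derive; it is denied below rather than dereferencing null.

    return redirect()->route('admin.dashboard')->withErrors('Permission denied.');
}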
/**
 * Authenticate an admin user from the posted credentials.
 *
 * Only the fields named in `admin.auth.rules` are read from the request and
 * validated against those rules. A user who authenticates but holds neither
 * `superadmin` nor `controlpanel` is logged straight back out. On bad
 * credentials both fields receive an error, so the response does not reveal
 * which of the two was wrong.
 *
 * NOTE(review): nothing in this method regenerates the session id after a
 * successful login or throttles repeated failures — confirm Sentinel's
 * persistence layer and throttling checkpoint cover this guard.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postLogin()
{
    $rules = config('admin.auth.rules');
    $credentials = \Input::only(array_keys($rules));

    // trans() hands back the key itself when no translation file exists;
    // the validator expects an array of messages in that case.
    $messages = trans('admin::validation');
    if ($messages === 'admin::validation') {
        $messages = [];
    }

    $validator = \Validator::make($credentials, $rules, $messages);
    if ($validator->fails()) {
        return \Redirect::back()->withInput()->withErrors($validator);
    }

    if (!\Sentinel::authenticate($credentials)) {
        $errors = new MessageBag([
            'email' => trans('sentinel::lang.auth.wrong-email'),
            'password' => trans('sentinel::lang.auth.wrong-password'),
        ]);

        return \Redirect::back()->withInput()->withErrors($errors);
    }

    // Authenticated, but only control-panel users are allowed to stay logged in.
    if (!\Sentinel::hasAnyAccess(['superadmin', 'controlpanel'])) {
        return $this->getLogout();
    }

    return \Redirect::intended(route('admin.wildcard', '/'));
}
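/**
 * Handle an incoming request.
 *
 * Gate-keeps the admin area. Unauthenticated users are sent to the login
 * route (401 for AJAX); `admin.logout` is always let through. System routes
 * (elFinder, uploads, settings) and routes listed in `admin.custom_routes`
 * are checked against the configured permission (falling back to
 * `admin.defaultPermission`); a custom route may additionally opt into
 * logging the user out on denial. Every other route is checked against a
 * permission derived from the route name and the route-bound `adminModel`.
 * Anything that does not match falls through to the "permission denied"
 * flash and a redirect to the dashboard.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if (!\Sentinel::check()) {
        if ($request->ajax()) {
            return response('Unauthorized.', 401);
        }

        return redirect()->guest(route('admin.login'));
    }

    $customRoutes = (array) config('admin.custom_routes');
    $route = $request->route();
    // Unnamed routes yield null; coerce so starts_with()/explode() see a string.
    $routeName = (string) $route->getName();
    $routeParameters = $route->parameters();

    // Logging out must stay possible whatever permissions the user holds.
    if ($routeName === 'admin.logout') {
        return $next($request);
    }

    // Built-in pages that are not backed by an admin model.
    $isSystemRoute = starts_with($routeName, 'elfinder.')
        || starts_with($routeName, 'admin.upload.')
        || starts_with($routeName, 'admin.settings');

    $isCustomRoute = array_key_exists($routeName, $customRoutes);
    $customRoute = $isCustomRoute ? (array) $customRoutes[$routeName] : [];

    if ($isCustomRoute || $isSystemRoute) {
        // System routes always use the default permission; a custom route may
        // override it in config and falls back to the default when it does not.
        $configPermissions = $isSystemRoute ? null : ($customRoute['permission'] ?? null);
        $checkPermissions = !empty($configPermissions)
            ? $configPermissions
            : config('admin.defaultPermission');

        if (\Sentinel::hasAnyAccess($checkPermissions)) {
            return $next($request);
        }

        // Only a custom route can opt into "log out on denial". A system route
        // has no entry in $customRoutes, so the old unconditional read of
        // $custom_routes[$route_name]['logout'] raised an undefined-index
        // warning there (a TypeError in array_key_exists() under PHP 8); the
        // lookup is now guarded and such a route is simply denied below.
        if (!empty($customRoute['logout'])) {
            \Sentinel::logout(null, true);

            return redirect()->guest(route('admin.login'));
        }
    } elseif (isset($routeParameters['adminModel'])) {
        // Use dynamic permissions: "admin.<alias>.<action>", where the action
        // is the third segment of the route name. A missing segment means
        // "view"; the write actions map onto their form counterparts.
        $model = $routeParameters['adminModel'];
        $segments = explode('.', $routeName);
        $action = $segments[2] ?? 'view';
        if ($action === 'update') {
            $action = 'edit';
        } elseif ($action === 'store') {
            $action = 'create';
        }

        // A model may declare its own comma-separated permission list; any of
        // those grants access to every action on the model, on top of the
        // per-action permission and the global superadmin.
        $customPermissions = $model->permission();
        $modelPermissions = is_null($customPermissions)
            ? []
            : explode(',', $customPermissions);
        $modelPermissions[] = 'admin.' . $model->alias() . '.' . $action;
        $modelPermissions[] = 'superadmin';

        if (\Sentinel::hasAnyAccess($modelPermissions)) {
            return $next($request);
        }
    }
    // A parameterised route with no bound adminModel has no permission to
    // derive; it is denied below rather than dereferencing null.

    flash()->error(trans('admin::lang.permission.denied'));

    return redirect()->route('admin.dashboard');
}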
/**
 * Check if instance is deletable.
 *
 * An instance is deletable only when it is not already soft-deleted, the
 * model configuration returns something non-null for `delete(<key>)` (this
 * is presumably a lookup of the configured delete handler, mirroring the
 * `create()` check used for "creatable" — confirm), and the current user
 * holds one of the `destroy` permissions.
 *
 * NOTE(review): the `delete()` call runs before the permission check; if it
 * does anything beyond returning a handler, that happens for users who are
 * then refused — verify it is side-effect free.
 *
 * @return bool
 */
protected function deletable()
{
    if ($this->trashed()) {
        return false;
    }

    $deleteHandler = $this->model()->delete($this->instance->getKey());
    if (is_null($deleteHandler)) {
        return false;
    }

    return \Sentinel::hasAnyAccess($this->getPermissions('destroy'));
}
/**
 * Build the view parameters for the model listing.
 *
 * "creatable" is true only when the model configuration defines a create
 * handler and the user holds the model's create permission, one of the
 * model's own comma-separated permissions, or `superadmin`.
 *
 * NOTE(review): createUrl() receives every request input merged with the
 * display parameters, so untrusted query values end up in the generated
 * URL — confirm createUrl() encodes them before they reach the view.
 *
 * @return array
 */
protected function getParams()
{
    $model = $this->model();

    // Same permission set the route middleware derives for the create action.
    $createPermissions = ['admin.' . $model->alias() . '.create', 'superadmin'];
    $customPermissions = $model->permission();
    if (!is_null($customPermissions)) {
        $createPermissions = array_merge($createPermissions, explode(',', $customPermissions));
    }

    return [
        'title' => $this->title(),
        'columns' => $this->allColumns(),
        'creatable' => !is_null($model->create()) && \Sentinel::hasAnyAccess($createPermissions),
        'createUrl' => $model->createUrl($this->parameters() + Input::all()),
        'actions' => $this->actions(),
        'dropdowns' => $this->dropdowns(),
    ];
}
<?php

// Admin sidebar registration. Hiding a menu entry is a UI convenience only:
// access to the underlying routes is enforced by the admin middleware, not here.
if (Sentinel::check()) {
    // Each entry is shown when the user holds the model's wildcard permission
    // or superadmin. The permissions are passed as two separate arguments
    // rather than an array — this relies on hasAnyAccess() accepting variadic
    // permissions; confirm against the installed Sentinel version.
    if (Sentinel::hasAnyAccess('admin.menus.*', 'superadmin')) {
        Admin::menu(App\Menu::class)->icon('fa-sitemap');
    }
    if (Sentinel::hasAnyAccess('admin.pages.*', 'superadmin')) {
        Admin::menu(App\Page::class)->icon('fa-file-text-o');
    }
    if (Sentinel::hasAnyAccess('admin.tags.*', 'superadmin')) {
        Admin::menu(App\Tag::class)->icon('fa-tags');
    }
    if (Sentinel::hasAnyAccess('admin.comments.*', 'superadmin')) {
        Admin::menu(App\Comment::class)->icon('fa-comments');
    }
    if (Sentinel::hasAnyAccess('admin.sitemaps.*', 'superadmin')) {
        Admin::menu(App\Sitemap::class)->icon('fa-sitemap');
    }
}

/**
 * Menu
 */
// NOTE(review): leftover debugging / one-off activation code — remove rather
// than keep commented out, so it cannot be re-enabled by accident.
//$user = Sentinel::findById(4);
//dd($user);
//$activation = Activation::create($user);
// Model configuration for App\Menu, registered under the alias "menus" (the
// alias feeds the "admin.menus.<action>" permissions checked by the middleware).
// NOTE(review): 'lable' is the column name actually read for the tree value —
// presumably a misspelling of 'label'; changing it means changing the schema too.
Admin::model('App\\Menu')->title('Menu')->alias('menus')->display(function () {
    $display = AdminDisplay::tree();
    $display->value('lable');
    return $display;
})->createAndEdit(function () {
    $form = AdminForm::form();