Esempio n. 1
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
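Route::filter('csrf', function () {
    // Token stored in the user's session and the token submitted with this request.
    $sessionToken = Session::token();
    $requestToken = Input::get('_token');

    // Both values must be non-empty strings before they are compared. A loose
    // `!=` comparison is subject to PHP type juggling, so a non-string request
    // value could compare equal to the session token, and a missing token on
    // both sides (null != null is false) would be accepted as a match.
    // hash_equals() compares in constant time; it needs PHP >= 5.6. On an older
    // runtime keep the is_string() guards and compare with `!==` instead.
    $tokensMatch = is_string($sessionToken)
        && is_string($requestToken)
        && $sessionToken !== ''
        && hash_equals($sessionToken, $requestToken);

    if (!$tokensMatch) {
        // Reject the request; the application's exception handling decides the response.
        throw new Illuminate\Session\TokenMismatchException();
    }
});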
/*
|--------------------------------------------------------------------------
| Roles & Permissions Filters
|--------------------------------------------------------------------------
|
*/
// Route-pattern access rules. In each call the third argument is the response
// returned when the check fails, and the trailing `false` turns off Entrust's
// "require all" mode, so holding ANY ONE of the listed roles/permissions is
// enough to pass.
//
// NOTE(review): the role rule is registered for the pattern 'admin' with no
// wildcard. Confirm that every other admin/... route is covered by one of the
// permission patterns below or by its own filter.
// NOTE(review): because one permission is sufficient, a user holding only a
// delete_* permission passes the check for the whole matching subtree; any
// finer-grained distinction has to be enforced per action.
Entrust::routeNeedsRole(
    'admin',
    [
        'Administrator',
        'Users Manager',
        'Premium Author',
        'Author',
        'Eraser',
    ],
    Redirect::to('/'),
    false
);

Entrust::routeNeedsPermission(
    'admin/xcasts*',
    [
        'manage_premium_casts',
        'manage_free_casts',
        'delete_casts',
    ],
    Redirect::to('admin'),
    false
);

Entrust::routeNeedsPermission(
    'admin/series*',
    [
        'manage_series',
        'delete_series',
    ],
    Redirect::to('admin'),
    false
);

Entrust::routeNeedsPermission(
    'admin/users*',
    [
        'manage_users',
        'delete_users',
    ],
    Redirect::to('admin'),
    false
);
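/*
 * Filter: restricts access to premium casts (those whose `levels` value is
 * greater than 0). The request continues only if the current user has the
 * 'manage_premium_casts' or the 'delete_casts' permission; otherwise the user
 * is redirected to the admin landing page.
 *
 * NOTE(review): 'delete_casts' alone is enough to pass this filter. Confirm
 * that this is intended for every route the filter is attached to.
 */
Route::filter('can_manage_premium_casts', function () {
    $xcast = Xcast::find(Route::input('xcasts'));

    // find() returns null when the route has no 'xcasts' parameter or the id
    // matches no record. Dereferencing null here would raise an error inside
    // the authorization filter, so let the request continue and leave the
    // missing record to the route's action.
    if ($xcast === null) {
        return;
    }

    // Free casts are not covered by this filter.
    if (!($xcast->levels > 0)) {
        return;
    }

    if (!Entrust::can('manage_premium_casts') && !Entrust::can('delete_casts')) {
        return Redirect::to('admin');
    }
});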
Esempio n. 2
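 /**
  * Show the video upload form for a single cast.
  *
  * This action performs no authorization check of its own.
  * NOTE(review): it presumably relies on route filters for access control;
  * confirm that the route it is bound to has them attached.
  *
  * @param mixed $id Identifier of the cast, taken from the route.
  * @return mixed The rendered 'admin.xcasts.upload_video' view.
  */
 public function uploadVideo($id)
 {
     $xcast = Xcast::find($id);

     // An unknown id makes find() return null. Respond with 404 instead of
     // rendering the upload form for a record that does not exist.
     if ($xcast === null) {
         App::abort(404);
     }

     return View::make('admin.xcasts.upload_video', compact('xcast'));
 }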