Esempio n. 1
 /**
  * Handle an incoming request.
  *
  * @param  Request  $request
  * @param  Closure  $next
  * @param  string   $action
  * @param  string|null  $resource  Optional resource type; when omitted, only the action is checked.
  * @return mixed
  */
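 public function handle(Request $request, Closure $next, $action, $resource = null)
 {
     $user = $this->jwtAuth->getUser();

     // Fail closed with an explicit authorization error. getUser() is not
     // visible here; if it can yield null/false for a missing or invalid
     // token, the calls below would otherwise fail with an engine error
     // instead of a ForbiddenException (TODO confirm its failure mode).
     if (!is_object($user)) {
         throw new ForbiddenException();
     }

     // Called for its side effect only; the returned value was never read.
     // Presumably this attaches the lock to the user so that can() below
     // has something to evaluate against (confirm against the lock service).
     $this->lock->makeCallerLockAware($user);

     // $action and $resource come from the middleware definition
     // (e.g. 'permission:readAll'), not from the request itself.
     if (!$user->can($action, $resource)) {
         throw new ForbiddenException();
     }

     // Authorized: pass the request on to the next middleware.
     return $next($request);
 }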
Esempio n. 2
 /**
  * Set permissions to be used in the controller.
  *
  * @param  Request  $request
  * @return void
  */
 public function permissions(Request $request)
 {
     // Roles must be registered before any per-role permission is declared.
     $this->lock->setRole(User::$userTypes);

     $currentUser = $this->jwtAuth->user();

     // NOTE(review): the ownership condition is keyed on the last URL path
     // segment, which the client controls. Confirm that every guarded action
     // operates on that same identifier, otherwise the check and the action
     // could refer to different records.
     // NOTE(review): $currentUser may be unset if this runs before the token
     // is validated; confirm how userIsOwner treats that case.
     $resourceId = last($request->segments());
     $ownerCondition = [User::class, 'userIsOwner', $currentUser, $resourceId];

     // Admins receive all four actions with no condition attached.
     $adminRole = $this->lock->role(User::USER_TYPE_ADMIN);
     $adminRole->permit(['readAll', 'readOne', 'update', 'delete']);

     // Guests may only read or update, and only under the owner condition.
     $guestRole = $this->lock->role(User::USER_TYPE_GUEST);
     $guestRole->permit(['readOne', 'update'], [$ownerCondition]);

     // One permission middleware per controller action, registered in the
     // same order as before. An action missing from this map is not covered
     // by any permission middleware registered here.
     $guardedActions = [
         'permission:readAll' => 'getAllPaginated',
         'permission:readOne' => 'getOne',
         'permission:update' => 'patchOne',
         'permission:delete' => 'deleteOne',
     ];

     foreach ($guardedActions as $middlewareName => $controllerMethod) {
         $this->middleware($middlewareName, ['only' => $controllerMethod]);
     }
 }