/**
 * Handle an incoming request.
 *
 * Only requests under the "broadcaster/services" route prefix are gated.
 * The service model (news / channel / vod) is read off the request path;
 * the broadcaster must have that service enabled, and when the route carries
 * parameters the broadcaster must also be allowed to access them. Requests
 * outside the prefix, or for an unrecognised service path, pass straight
 * through.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $route = \Route::current();

    if ($route->getPrefix() != "broadcaster/services") {
        return $next($request);
    }

    // Map the request path onto a service model; other paths are not ours to gate.
    $model = null;
    foreach (['news', 'channel', 'vod'] as $candidate) {
        if (\Request::is('broadcaster/services/' . $candidate . '*')) {
            $model = $candidate;
            break;
        }
    }
    if ($model === null) {
        return $next($request);
    }

    if (!$this->broadcasterResource->hasService($model)) {
        return response(['error' => ['description' => 'No service available']], 401);
    }

    // Routes without parameters (collection endpoints) are not put through
    // canAccess(); only parameterised resource routes are checked per-resource.
    $params = $route->parameters();
    if (!$params) {
        return $next($request);
    }

    if ($this->broadcasterResource->canAccess($model, $params)) {
        return $next($request);
    }

    return response(['error' => ['code' => 'UNAUTHORIZED', 'description' => 'You are not authorized to access this resource.']], 401);
}
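/**
 * Run the request filter.
 *
 * Every permission attached to every role of the authenticated user is asked
 * whether it denies the current route; a single denial blocks the request.
 * An unauthenticated request is denied outright (the original dereferenced
 * \Auth::user() without a check, which errors out instead of denying), and
 * any exception raised while evaluating permissions is logged and treated as
 * a denial, so the filter fails closed. The decision is written to the log
 * on every request.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $route = \Route::getCurrentRoute(); // $route->uri(), $request->path()
    $user = \Auth::user();

    // No authenticated user: nothing to evaluate, deny rather than error out.
    $allow = $user !== null;

    if ($allow) {
        try {
            // Check if route has permission; the first denial settles it.
            foreach ($user->roles as $role) {
                foreach ($role->permissions as $permission) {
                    if ($this->denied($request, $route, $permission)) {
                        $allow = false;
                        break 2;
                    }
                }
            }
        } catch (\Exception $e) {
            \Log::error($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
            $allow = false;
        }
    }

    // Apply access
    $who = $user !== null ? $user->name : 'guest';
    \Log::info('ACCESS:' . $who . ':' . $request->method() . ':' . $request->path() . ':' . ($allow ? 'ALLOWED' : 'DENIED'));

    if ($allow) {
        return $next($request);
    }

    if ($request->ajax()) {
        return response('Unauthorized.', 401);
    }

    return response(view('admin/unauthorized'), 401);
}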
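/**
 * Handle an incoming request.
 *
 * Gate for the application's controllers. While the users table is empty only
 * the registration form/action is reachable (that first user becomes the super
 * admin); afterwards registration is closed, login and password-reset actions
 * stay open, and everything else requires a logged-in user. Super admins
 * (type === 0) may go anywhere; other users are limited to PageController,
 * logout, and HomeController@getIndex/getHome, and are otherwise sent to "/".
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string|null $guard
 * @return mixed
 */
public function handle($request, Closure $next, $guard = null)
{
    $parts = explode('@', \Route::currentRouteAction());
    if (count($parts) < 2) {
        // Closure routes have no Controller@action pair; nothing to gate on.
        return $next($request);
    }
    list($controller, $action) = $parts;

    $cname = substr($controller, strlen('App\\Http\\Controllers\\'));
    $isAuthController = $cname === 'Auth\\AuthController';
    $isRegistration = $action === 'showRegistrationForm' || $action === 'register';
    $isLogin = $action === 'showLoginForm' || $action === 'login';

    $user = Auth::user();
    if ($user) {
        if ($user->type === 0) {
            return $next($request); // Super Admin!
        }

        // Pages every logged-in user may reach (explicit grouping; && binds tighter than ||).
        if ($cname === 'PageController'
            || ($isAuthController && $action === 'logout')
            || ($cname === 'HomeController' && ($action === 'getIndex' || $action === 'getHome'))
        ) {
            return $next($request);
        }

        return redirect('/');
    }

    if (User::count() === 0) {
        // No users yet: only registration is allowed, it creates the super admin.
        if ($isAuthController && $isRegistration) {
            return $next($request);
        }

        return redirect()->action('Auth\\AuthController@showRegistrationForm')
            ->with('message', 'You must create the 1st user(which would be super admin) before any tasks!')
            ->with('message_type', 'warning');
    }

    if ($isAuthController) {
        if ($isRegistration) {
            return redirect()->action('Auth\\AuthController@showLoginForm')
                ->with('message', 'Only super admin can create more users!')
                ->with('message_type', 'warning');
        }
        if ($isLogin) {
            return $next($request);
        }
    } elseif ($cname === 'Auth\\PasswordController') {
        return $next($request);
    }

    // "continue" carries the original URL back to the login flow; encode it so
    // it survives as a single query-parameter value.
    return redirect(action('Auth\\AuthController@showLoginForm') . '?continue=' . urlencode(\Request::url()))
        ->with('message', 'You must login to visit this page!')
        ->with('message_type', 'warning');
}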
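/**
 * Handle an incoming request.
 *
 * Module-level ACL for the admin area. The current route path is reduced to a
 * module route (see normalizeRoute()) and compared against the module routes
 * granted to the user's role through permission_role. Unauthenticated users,
 * users holding no role, and users whose role has no matching module
 * permission are redirected to the "unauthorized" route.
 *
 * Fixes over the previous version: the role id is no longer an undefined
 * variable when no role matches (the query is skipped and access denied), the
 * user model is loaded once instead of once per role row, and the permission
 * scan stops at the first match.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $pass = $this->auth->check();
    $currentRoute = $this->normalizeRoute(\Route::getCurrentRoute()->getPath());

    if ($pass) {
        // Authenticated: access now depends on the role's module permissions.
        $pass = false;
        $roleId = $this->roleIdFor(User::find($this->auth->user()->id));

        // No matching role means no permissions; skip the query and deny.
        if ($roleId !== null) {
            $pass = $this->roleGrantsRoute($roleId, $currentRoute);
        }
    }

    if (!$pass) {
        return redirect('unauthorized')->with('errors', 'Maaf anda harus login terlebih dahulu');
    }

    return $next($request);
}

/**
 * Reduce a route path to the module route stored in the modules table.
 *
 * "admin/users[edit:show]" is kept verbatim; otherwise anything from the first
 * '[' or ':' onward is dropped and a trailing plural "s" is removed.
 *
 * @param string $path
 * @return string
 */
private function normalizeRoute($path)
{
    if ($path == "admin/users[edit:show]") {
        return $path;
    }

    $route = $path;
    foreach (['[', ':'] as $separator) {
        $pos = strpos($route, $separator);
        // A separator at position 0 is not a cut point (same as the former truthiness test).
        if ($pos !== false && $pos > 0) {
            $route = substr($route, 0, $pos);
        }
    }

    if (substr($route, -1) === 's') {
        $route = substr($route, 0, -1);
    }

    return $route;
}

/**
 * Id of the last role (in table order) the user holds, or null when none.
 *
 * @param User|null $user
 * @return int|null
 */
private function roleIdFor($user)
{
    if ($user === null) {
        return null;
    }

    $roleId = null;
    foreach (DB::table('roles')->get() as $role) {
        if ($user->hasRole($role->name) == 1) {
            $roleId = $role->id; // last match wins, as before
        }
    }

    return $roleId;
}

/**
 * Whether the role's module permissions cover the route.
 *
 * @param int $roleId
 * @param string $route
 * @return bool
 */
private function roleGrantsRoute($roleId, $route)
{
    // Reachable by any role that holds at least one module permission.
    // NOTE(review): this list bypasses the per-module check — keep it minimal.
    $sharedRoutes = ['admin/form', 'admin/filesList/{id}', 'admin/setGrid'];

    $permissions = DB::table('permissions')
        ->join('permission_role', 'permission_role.permission_id', '=', 'permissions.id')
        ->join('roles', 'roles.id', '=', 'permission_role.role_id')
        ->join('modules', 'modules.id', '=', 'permissions.action')
        ->select(
            'permission_role.permission_id as pID',
            'permission_role.role_id as rID',
            'roles.display_name as role_dn',
            'permissions.name as per_name',
            'permissions.display_name as per_dn',
            'permissions.action as action',
            'permissions.access as access',
            "modules.route as module_name",
            'modules.id as mID'
        )
        ->where('permissions.type', 'module')
        ->where('roles.id', $roleId)
        ->get();

    foreach ($permissions as $permission) {
        if ($route == $permission->module_name || in_array($route, $sharedRoutes, true)) {
            return true;
        }
    }

    return false;
}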
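/**
 * Handle an incoming request.
 *
 * Admin-area guard for gtcms: sets the admin locale, optionally auto-logs in
 * the first "admin" user (gtcms.adminAutoLogin — this skips authentication
 * entirely and is only safe in a local development environment), requires an
 * allowed role for every route except admin/login, and keeps the
 * "accessDenied" session flag in sync with the "restricted" route.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string|null $guard
 * @return mixed
 */
public function handle($request, Closure $next, $guard = null)
{
    \App::setLocale(config('gtcmslang.defaultAdminLocale'));

    $showLoginMessage = true;
    if (config('gtcms.adminAutoLogin') && \Auth::guest()) {
        $user = User::where('role', 'admin')->first();
        // No admin row yet: stay a guest instead of handing null to Auth::login().
        if ($user !== null) {
            \Auth::login($user);
            $showLoginMessage = false;
        }
    }

    $isLoginRoute = \Route::current()->uri() == "admin/login";
    $allowedUserRoles = config('gtcms.allowedUserRoles');

    // Strict membership: the role column and the configured roles are compared as-is.
    if (\Auth::guest() || !in_array(\Auth::user()->role, $allowedUserRoles, true)) {
        if (!$isLoginRoute) {
            if (\Request::ajax() && \Request::get('getIgnore_isAjax')) {
                // XHR callers get a JSON hint instead of a redirect they cannot follow.
                return \Response::json(['success' => false, 'message' => "Session timeout", 'redirectToLogin' => true]);
            }

            return \Redirect::to('/admin/login');
        }
    } elseif ($isLoginRoute) {
        // Already logged in; the message is suppressed after an auto-login.
        if ($showLoginMessage) {
            MessageManager::setError(trans('gtcms.alreadyLoggedIn'));
        }

        return \Redirect::to("/admin");
    }

    $isRestrictedRoute = \Route::currentRouteName() == "restricted";
    if (\Session::get('accessDenied')) {
        if (!$isRestrictedRoute) {
            \Session::put('accessDenied', true);

            return \Redirect::to('/access-denied');
        }
    } elseif ($isRestrictedRoute) {
        MessageManager::setError(trans('gtcms.accessGranted'));
        \Session::put('accessDenied', false);

        return \Redirect::to("/admin");
    }

    return $next($request);
}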
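/**
 * Handle an incoming request.
 *
 * Admin guard: guests get a 401 on XHR or are sent to the admin login page;
 * authenticated users pass with role_id 1 or 2; anyone else is redirected to
 * a login page. The former empty if-branch for the allowed roles is inverted
 * into an early return.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if ($this->auth->guest()) {
        if ($request->ajax()) {
            return response('Unauthorized.', 401);
        }

        return redirect()->guest('/admin/login');
    }

    // role_id 1 is an admin; role_id 2 is also let through (the original
    // comment called it "not an admin" but the code allowed it).
    $roleId = (int) $this->auth->user()->role_id;
    if ($roleId === 1 || $roleId === 2) {
        return $next($request);
    }

    // NOTE(review): \Route::get('/admin') registers a route rather than
    // testing one; kept as-is because the intended condition (presumably
    // "is this an admin request?") cannot be inferred here — confirm with author.
    if (\Route::get('/admin')) {
        return redirect()->guest('login/admin');
    }

    return redirect()->guest('auth/login');
}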
/**
 * Handle an incoming request.
 *
 * Runs filter() against the current route and the request, then passes the
 * request on unconditionally.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $route = \Route::getCurrentRoute();
    $this->filter($route, $request);

    return $next($request);
}
/**
 * Handle an incoming request.
 *
 * Authorizes the current request against the application's route table.
 * AuthController/PasswordController actions, the "root" user and members of
 * the "admins" role are always authorized. Every other request must match an
 * enabled AppRoute whose permission is "open-to-all", "guest-only" (guests),
 * "basic-authenticated" (enabled user) or a permission the enabled user holds.
 * Denials abort with 403; a denied user whose account is disabled is sent to
 * logout instead; any state that is neither authorized nor a denial aborts 500.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $authorized = false; // Default to protect all routes.
    $errorCode = 0; // Default to something bogus...
    $method = null;
    $path = null;
    $actionName = null;
    $user = null;
    $username = null;
    $guest = false;

    // Get current route from Laravel.
    $laravelRoute = LaravelRoute::current();

    // If not set we will fallback to error HTTP 500. This should never occur. TODO: remove this check...
    if (isset($laravelRoute)) {
        // Get route info. Only the first HTTP method of the route is used for the lookup.
        $method = $laravelRoute->getMethods()[0];
        $path = $laravelRoute->getPath();
        $actionName = $laravelRoute->getActionName();

        // Get current user or set guest to true for unauthenticated users.
        if ($this->auth->check()) {
            $user = $this->auth->user();
            $username = $user->username;
        } elseif ($this->auth->guest()) {
            $guest = true;
        }

        // AuthController and PasswordController are exempt from authorization.
        // TODO: Get list of controllers exempt from config.
        if (str_contains($actionName, 'AuthController@') || str_contains($actionName, 'PasswordController@')) {
            $authorized = true;
        } elseif (!$guest && isset($user) && 'root' == $user->username) {
            // NOTE(review): the root and admins shortcuts do not consult
            // $user->enabled, so a disabled privileged account is still
            // authorized here — confirm this is intended.
            $authorized = true;
        } elseif (!$guest && isset($user) && $user->hasRole('admins')) {
            $authorized = true;
        } else {
            // Get application route based on info from Laravel route.
            $appRoute = AppRoute::ofMethod($method)->ofActionName($actionName)->ofPath($path)->enabled()->with('permission')->first();

            // If found, proceed with authorization
            if (isset($appRoute)) {
                // Permission set for route.
                if (isset($appRoute->permission)) {
                    // Route is open to all.
                    // TODO: Get 'open-to-all' role name from config, and replace all occurrences.
                    if ('open-to-all' == $appRoute->permission->name) {
                        $authorized = true;
                    } elseif ($guest && 'guest-only' == $appRoute->permission->name) {
                        $authorized = true;
                    } elseif (!$guest && isset($user) && $user->enabled && 'basic-authenticated' == $appRoute->permission->name) {
                        $authorized = true;
                    } elseif (!$guest && isset($user) && $user->enabled && $user->can($appRoute->permission->name)) {
                        $authorized = true;
                    } else {
                        // $guest is a bool, so it is logged as "1" or "".
                        Log::error("Authorization denied for request path [" . $request->path() . "], method [" . $method . "] and action name [" . $actionName . "], guest [" . $guest . "], username [" . $username . "].");
                        $errorCode = 403;
                    }
                } else {
                    // A route row without a permission is a configuration gap; deny rather than open.
                    Log::error("No permission set for the requested route, path [" . $request->path() . "], method [" . $method . "] and action name [" . $actionName . "], guest [" . $guest . "], username [" . $username . "].");
                    $errorCode = 403;
                }
            } else {
                // Unknown routes are denied by default.
                Log::error("No application route found in AuthorizeRoute module for request path [" . $request->path() . "], method [" . $method . "] and action name [" . $actionName . "].");
                $errorCode = 403;
            }
        }
    }

    // If authorize, proceed
    if ($authorized) {
        return $next($request);
    // Else if error code was set abort with that.
    } elseif (0 != $errorCode) {
        // A disabled account that was denied is logged out instead of shown the error.
        if (!$guest && isset($user) && !$user->enabled) {
            Log::error("User [" . $user->username . "] disabled, forcing logout.");
            return redirect(route('logout'));
        } else {
            abort($errorCode);
        }
    // Lastly Fallback to error HTTP 500: Internal server error. We should not get to this!
    } else {
        // Reached only when no Laravel route was resolved above.
        Log::error("Server error while trying to authorize route, request path [" . $request->path() . "], method [" . $method . "] and action name [" . $actionName . "].");
        abort(500);
    }
}