Esempio n. 1
 /**
  * Handle an incoming request.
  *
  * Resolves the ability to check (explicit argument, otherwise the current
  * route name), optionally scopes the checker to a route-bound resource, and
  * either forwards the request or answers with a denial.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  Closure                   $next
  * @param  mixed                     $resource  Route parameter name to resolve, or null
  * @param  string|null               $ability   Ability name; defaults to the route name
  * @return mixed  Result of $next on success; a 403 response for AJAX callers or a
  *                redirect back with an error message otherwise
  */
 public function handle($request, Closure $next, $resource = null, $ability = null)
 {
     // Ability naming convention: fall back to the route name when none is given.
     // NOTE(review): an unnamed route yields null here, so check() receives null;
     // confirm the checker denies in that case.
     if (!$ability) {
         $ability = $request->route()->getName();
     }

     // Resolve the named route parameter into the resource to authorize against.
     $target = null;
     if ($resource) {
         $target = $request->route($resource);
     }

     // NOTE(review): when the parameter does not resolve to a truthy value the
     // check silently falls back to the unscoped checker; verify this is intended.
     $checker = $target ? $this->authis->forResource($target) : $this->authis;

     if ($checker->check($ability)) {
         return $next($request);
     }

     if ($request->ajax()) {
         return response('Unauthorized.', 403);
     }

     // Non-AJAX callers are redirected back with a flashed error message
     $redirect = back();

     return $redirect->with(['error' => trans('inoplate-auth::messages.unauthorized', ['url' => $request->url()])]);
 }
Esempio n. 2
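 /**
  * Authorize download
  *
  * Aborts with HTTP 403 when the library is private and the caller is neither
  * its owner, nor listed in `sharedTo`, nor granted
  * `media.admin.libraries.view.all`. Returns normally otherwise.
  *
  * @param  Request $request  Current request; user() may be null for guests
  * @param  array   $library  Reads description.visibility, owner.id and sharedTo[].id
  * @return void
  */
 protected function authorizeDownload(Request $request, $library)
 {
     // NOTE(review): only the literal 'private' restricts access; a missing or
     // unexpected visibility value is treated as downloadable. Confirm that
     // failing open here is intended.
     if ($library['description']['visibility'] !== 'private') {
         return;
     }

     $user = $request->user();
     if (is_null($user)) {
         // Guests are never authorized to access a private media library
         abort(403);
     }

     // Identifiers are normalised to strings and compared strictly, so that
     // loose-comparison type juggling (e.g. "1e3" == "1000", or "1abc" == 1 on
     // older PHP versions) cannot make a foreign user look like the owner or
     // a member of the share list.
     $userId = (string) $user->id;
     if ((string) $library['owner']['id'] === $userId) {
         return;
     }

     $sharedIds = array_map('strval', array_column($library['sharedTo'], 'id'));
     if (in_array($userId, $sharedIds, true)) {
         return;
     }

     // Last resort: the permission that grants a view of every library
     if (!$this->authis->check('media.admin.libraries.view.all')) {
         // User is not authorized to download file
         abort(403);
     }
 }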
Esempio n. 3
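 /**
  * Setup query
  *
  * Restricts the query to the libraries the current user may see: their own,
  * those shared with them through the `users` relation, and public ones.
  * Holders of `media.admin.libraries.view.all` get the query unrestricted.
  * Without an authenticated user only public libraries are returned.
  *
  * @param  Model $model
  * @return Model
  */
 protected function setupQuery($model)
 {
     if ($this->authis->check('media.admin.libraries.view.all')) {
         return $model;
     }

     $user = $this->auth->user();
     if (is_null($user)) {
         // Reading ->id on a null user evaluates to null, and a where() on a
         // null value becomes an IS NULL test: rows without an owner would
         // match. A guest is limited to public libraries instead.
         return $model->where('visibility', 'public');
     }

     $userId = $user->id;

     // Grouped so the OR conditions cannot widen constraints added elsewhere
     return $model->where(function ($query) use ($userId) {
         $query->where('user_id', $userId)
             ->orWhereHas('users', function ($query) use ($userId) {
                 $query->where('user_id', $userId);
             })
             ->orWhere('visibility', 'public');
     });
 }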
Esempio n. 4
 /**
  * Determine if current user is authorized
  *
  * Thin wrapper that hands its argument to the checker unchanged.
  *
  * @param  string $resource  Name passed to the checker's check() call
  * @return boolean  Whatever check() reports for that name
  */
 protected function authorize($resource)
 {
     $granted = $this->authis->check($resource);

     return $granted;
 }