break; case 'put': case 'delete': $user = User::getIndex(Session::get('user_uid')); if ($route->getParameter('project_uuid') && (!$user || !$user->isAdmin() && !$user->isProjectAdmin($route->getParameter('project_uuid')))) { return Response::make('Insufficient privilages.', 401); } break; } }); Route::when('projects*', 'filter_projects'); /** * Validation of tool routes. */ Route::filter('filter_tools', function ($route, $request) { $method = FiltersHelper::method(); switch ($method) { case 'get': case 'post': case 'put': case 'delete': // check tool routes // $toolUuid = $route->getParameter('tool_uuid'); $isToolVersionRoute = $request->segment(3) == 'versions' || $request->segment(4) == 'versions'; if ($toolUuid && !$isToolVersionRoute) { // get relevant attributes // $user = User::getIndex(Session::get('user_uid')); $tool = Tool::where('tool_uuid', '=', $toolUuid)->first(); $isPublic = $tool->tool_sharing_status == 'public' || $tool->tool_sharing_status == 'PUBLIC';
if (!$user->isAdmin() && !$user->isProjectAdmin($request->input('project_uid'))) {
    return Response::make('Unable to change project membership. Insufficient privilages.', 401);
}
$project = Project::where('project_uid', '=', $request->input('project_uid'))->first();
if ($project->trial_project_flag) {
    return Response::make('Unable to change project membership. Insufficient privilages.', 401);
}
break;
}
});

// Attach the invitations filter to every URI matching 'invitations*'.
Route::when('invitations*', 'filter_project_invitations');

/**
 * Access filter for the restricted-domains routes.
 *
 * For 'post', 'put' and 'delete' the user is looked up from the session's
 * 'user_uid'; when no user is found or isAdmin() is false, a 401 response is
 * returned. For 'get' the filter returns nothing, so no check is applied.
 *
 * NOTE(review): a method value other than the four named above is not checked
 * either. Confirm that no restricted-domains route accepts another verb (for
 * example PATCH), or gate every non-'get' method by default.
 *
 * NOTE(review): a signed-in non-admin also receives 401 here; 403 is the usual
 * status for that case, but clients may rely on 401 - confirm before changing.
 */
Route::filter('filter_restricted_domains', function ($route, $request) {

    // in_array() is called without the strict flag on purpose:
    // FiltersHelper::method() is defined elsewhere and its return type is
    // not visible here, so the comparison stays loose.
    $verb = FiltersHelper::method();
    if (!in_array($verb, array('post', 'put', 'delete'))) {
        return;
    }

    // Mutating requests need a resolvable session user who is an admin.
    $currentUser = User::getIndex(Session::get('user_uid'));
    $isAdmin = $currentUser && $currentUser->isAdmin();
    if (!$isAdmin) {
        return Response::make('Unable to access route. Current user is not an administrator.', 401);
    }
});

// Attach the filter above to every URI matching 'restricted-domains*'.
Route::when('restricted-domains*', 'filter_restricted_domains');

/*
|--------------------------------------------------------------------------