Esempio n. 1
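 /**
  * Generate a new API key for the user identified by $userId.
  *
  * Only an administrator or the account owner may trigger this. Every other
  * caller, including an unauthenticated one, is redirected back without any
  * key being touched.
  *
  * @param Request    $request the current request, used to resolve the acting user
  * @param int|string $userId  id of the account whose key is generated (typically a route parameter)
  * @return mixed the redirect response back to the previous page
  */
 public function generateApiKey(Request $request, $userId)
 {
     $actor = $request->user();

     // A route parameter usually arrives as a string while the model key is an
     // integer, so a strict === between them would never match and owners would
     // be refused. Compare normalised strings rather than using loose ==.
     $isOwner = $actor !== null && (string) $actor->id === (string) $userId;

     if ($actor === null || !($actor->isAdmin() || $isOwner)) {
         // Denied: leave every key untouched and report no success.
         return redirect()->back();
     }

     $user = User::find($userId);
     if ($user === null) {
         // An admin may pass an id that does not exist; answer 404 instead of
         // calling a method on null.
         abort(404);
     }

     // NOTE(review): this changes a credential, so the route should be reachable
     // only through a CSRF-protected, non-GET request. Confirm in the route
     // definition.
     $user->generateApiKey();
     Flash::success('APIKey generated!');

     return redirect()->back();
 }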
Esempio n. 2
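 /**
  * Authorization filter intended to be attached to every route.
  *
  * Takes the resource name from $action (the segment after the first '-') and
  * asks the authenticated user's gate whether the action is allowed on it.
  * The request is aborted unless the gate says yes.
  *
  * Outcomes:
  *  - anonymous caller, empty action: allowed (logged only);
  *  - anonymous caller, any action: 401;
  *  - authenticated caller, empty action: 401 (kept from the previous behaviour);
  *  - authenticated caller, malformed action or gate refusal: 403.
  *
  * @param Request $request the request object; its id defaults to the user's id when unset
  * @param string  $action  the action mapping of the action performed, expected as "<verb>-<resource>"
  * @see AuthServiceProvider
  *
  * NOTE(review): the earlier docblock advertised a ClassNotFoundException for a
  * malformed $action. Nothing in this method throws it; confirm whether the
  * gate does.
  *
  * TODO: add an after plugin action to allow plugin owners add and authorize their own resources
  */
 private function authorize(Request $request, string $action)
 {
     $user = Auth::user();

     if ($user === null) {
         if ($action === '') {
             Log::info("Non logged in user tried to access no-action(allowed by default)");
             return;
         }

         Log::info("Non-logged in user tried to perform {$action}");
         abort(401, "Unauthorized action");
     }

     if ($action === '') {
         // This case used to fall into the anonymous branch and was logged as a
         // non-logged-in user. The denial is kept, but the record now says what
         // actually happened.
         // NOTE(review): anonymous callers are allowed through for the empty
         // action; confirm that refusing authenticated ones here is intended.
         Log::info("Logged in user {$user->id} tried to perform an empty action");
         abort(401, "Unauthorized action");
     }

     // explode() with a non-empty separator always returns an array, so the only
     // malformed case is a missing or empty resource segment. Fail closed rather
     // than handing the gate an undefined value.
     $parts = explode('-', $action);
     if (!isset($parts[1]) || $parts[1] === '') {
         Log::warning("User {$user->id} was refused malformed action {$action}");
         abort(403, "Unauthorized action");
     }
     $resource = $parts[1];

     if (!isset($request->id)) {
         $request->id = $user->id;
     }

     // The gate result was previously computed and then ignored, so a refused
     // user still reached the route. Enforce it.
     if (!$user->can($action, $resource)) {
         Log::warning("User {$user->id} was denied {$action}");
         abort(403, "Unauthorized action");
     }
 }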