コード例 #1
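 /**
  * Checks that a per-action permission map exposed by a controller can be
  * enforced from a route filter.
  *
  * A mocked controller maps its `tests` action to `job.apply`. The filter
  * looks up the permission for the dispatched action and asserts that
  * ACL::permits() accepts it for the route's parameters, after the user
  * from createUserWithRoles() has been handed to ACL::setUser().
  */
 public function testPermissionsCanBeSetForRoutes()
 {
     $user = $this->createUserWithRoles();
     \ACL::setUser($user);
     $controller = Mockery::mock('\\ApiController');
     $controller->shouldReceive('tests')->once()->andReturn(\Response::json(['success' => 'great']));
     $controller->shouldReceive('getActionPermissions')->once()->andReturn(['tests' => 'job.apply']);
     \Route::enableFilters();
     // Set inside the filter so the test fails if the filter never fires,
     // instead of passing on the response status alone.
     $filterRan = false;
     \Route::filter('test.permissions.filter', function ($route) use (&$filterRan) {
         // NOTE(review): presumably loads the ACL definitions; the relative
         // path depends on the working directory / include_path — confirm.
         require 'app/acl.php';
         // 'uses' is [controller instance, method name], as registered below.
         $uses = $route->getAction()['uses'];
         $permissions = $uses[0]->getActionPermissions();
         $perm = $permissions[$uses[1]];
         // Check the permission that was looked up, not a hard-coded copy,
         // so a broken action-to-permission mapping is caught.
         $this->assertSame('job.apply', $perm);
         $this->assertTrue(ACL::permits($perm, $route->parameters()));
         $filterRan = true;
     });
     // Attached as an `after` filter, so it runs once the controller action
     // has already produced its response. That is enough for asserting here;
     // a filter meant to enforce access has to run before the action.
     \Route::get('/test/perms/{id}', [$controller, 'tests'])->after('test.permissions.filter');
     $this->call('GET', '/test/perms/3');
     $this->assertResponseOk();
     $this->assertTrue($filterRan, 'Permission filter was never executed.');
 }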
コード例 #2
ファイル: filters.php プロジェクト: nilove/motibubackend
        return;
    }
    $closure = explode('@', \Route::currentRouteAction());
    $controllerClass = $closure[0];
    $controllerMethod = $closure[1];
    $permissionsDefinitionClass = 'Motibu\\Permitters\\Definitions\\' . $controllerClass . 'Permissions';
    if (class_exists($permissionsDefinitionClass)) {
        $permissionsMap = (new $permissionsDefinitionClass())->getPermissions();
        // no permissions needed for action
        if (!isset($permissionsMap[$controllerMethod])) {
            return;
        }
        $permissions = $permissionsMap[$controllerMethod];
        $permits = true;
        foreach ($permissions as $permission) {
            $permits = $permits && ACL::permits($permission, $route->parameters());
        }
        if (!$permits) {
            \App::abort(403, 'Unauthorized action.');
        }
    }
});
// Allow cross-origin requests: every response passed through this filter is
// marked as readable from any origin.
// NOTE(review): the `*` wildcard lets script on any site read responses to
// non-credentialed cross-origin requests. If this API is meant for known
// front-ends only, an explicit origin allowlist is the tighter choice.
\Route::filter('allow_cross_origin', function ($route, $request, $response) {
    $allowedOrigin = '*';
    $response->header('Access-Control-Allow-Origin', $allowedOrigin);
});
\Route::filter('oauth.add_auth_header', function ($route, $request) {
    $headers = getallheaders();
    if (isset($headers['Authorization'])) {
        $request->headers->set('Authorization', $headers['Authorization']);
    }