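/**
 * Replace the permission rows of a role with the set submitted in the request.
 *
 * Reads the `rolePermission` request field, expected in the shape
 * [id_menu => [id_permission => mixed, ...], ...]; only the keys are used.
 * The existing RolePermission rows of the role are deleted before the new
 * ones are created, so a request without the field leaves the role with no
 * permission rows.
 *
 * A malformed field or a failed insert calls DB::rollback() and reports
 * trans('response.update_failed') through $this->response->error().
 *
 * @param array $data Stored record; only $data['id'] (the role id) is read.
 * @return void
 */
public function afterStore($data)
{
    $id_role = $data['id'];

    // The matrix is client-supplied: check its shape before any row is
    // deleted, so a scalar or a flat list cannot leave the role half-rewritten.
    $submitted = Request::has('rolePermission') ? Request::get('rolePermission') : [];
    $wellFormed = is_array($submitted);
    if ($wellFormed) {
        foreach ($submitted as $permissions) {
            if (!is_array($permissions)) {
                $wellFormed = false;
                break;
            }
        }
    }
    if (!$wellFormed) {
        // NOTE(review): rollback only has an effect if the caller opened a
        // transaction; none is started in this method, so confirm upstream.
        DB::rollback();
        throw $this->response->error(trans('response.update_failed'), 404);
    }

    RolePermission::where('id_role', '=', $id_role)->delete();

    // NOTE(review): id_menu and id_permission come straight from request keys.
    // Nothing here checks that they reference existing rows or that the caller
    // is allowed to grant them; confirm that validation happens before this hook.
    foreach ($submitted as $menuId => $permissions) {
        foreach ($permissions as $permissionId => $unused) {
            $created = RolePermission::create([
                'id_menu' => $menuId,
                'id_permission' => $permissionId,
                'id_role' => $id_role,
            ]);

            if (!$created) {
                DB::rollback();
                throw $this->response->error(trans('response.update_failed'), 404);
            }
        }
    }
}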
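/**
 * Verify that the authenticated user's role holds $permission on the menu
 * entry of the current endpoint.
 *
 * The menu URL is $this->url when the controller sets one; otherwise it is
 * built from the second and third segments of the request path.
 *
 * Failures are reported through $this->response->error(): 401 when no
 * id_company is held in temp storage or the token resolves to no user,
 * 404 when the permission, the menu or the role grant is missing.
 *
 * @param string $permission Permission name, matched against Permission.name.
 * @return void
 */
public function authorize($permission)
{
    if (empty($this->tempStorage->get('id_company'))) {
        $this->invalidateToken();
        throw $this->response->error('Un Authorized, Please Re-Login', 401);
    }

    // authenticate() yields no user when the token's subject cannot be
    // resolved; stop here instead of dereferencing a non-object below.
    $user = JWTAuth::parseToken()->authenticate();
    if (!$user) {
        throw $this->response->error('Un Authorized, Please Re-Login', 401);
    }

    // first() returns null when nothing matches; count() on null or on a
    // model is a TypeError on PHP 8, so compare against null directly.
    $permission = Permission::where('name', $permission)->select('id')->first();
    if ($permission === null) {
        throw $this->response->error('No Permission', 404);
    }

    // Resolve the menu URL: static controller URL, or derived from the path.
    if (empty($this->url)) {
        $arrUrl = explode('/', Input::path());
        array_shift($arrUrl);
        // A short path has no second/third segment; fall through to the
        // "No Menu" response rather than raising an undefined-offset error.
        $section = isset($arrUrl[0]) ? $arrUrl[0] : '';
        $resource = isset($arrUrl[1]) ? $arrUrl[1] : '';
        $url = '/' . $section . '/' . $resource;
    } else {
        $url = $this->url;
    }

    $menu = Menu::where('url', $url)->select('id')->first();
    if ($menu === null) {
        throw $this->response->error('No Menu ' . $url, 404);
    }

    // The role check must run for the static and the derived URL alike:
    // skipping it for a static URL would admit every authenticated user
    // whatever their role.
    $granted = RolePermission::where('id_role', $user->id_role)
        ->where('id_permission', $permission->id)
        ->where('id_menu', $menu->id)
        ->exists();

    if (!$granted) {
        // NOTE(review): 403 is the conventional status for a denied action;
        // 404 is kept so existing API clients see no change.
        throw $this->response->error('Unauthorized action page', 404);
    }
}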