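/**
 * Handle an incoming request.
 *
 * Lets the request continue only when a user is authenticated and that user
 * may edit the document identified by the request's `doc` value. The lookup
 * uses withTrashed(), so soft-deleted documents are considered as well.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed A 403 response when the caller is unauthenticated or may not
 *               edit the document, a 404 response when the document does not
 *               exist, otherwise whatever $next($request) returns.
 */
public function handle($request, Closure $next)
{
    if (!Auth::check()) {
        return response('Unauthorized.', 403);
    }

    $user = Auth::user();
    $doc = Doc::withTrashed()->find($request->doc);

    // find() returns null for an unknown id. Without this guard the
    // permission check below would be called on null and fail with a fatal
    // error instead of a controlled response.
    // NOTE(review): a distinct 404 tells an authenticated caller whether an
    // id exists; return the 403 here instead if that must not be disclosed.
    if ($doc === null) {
        return response('Not Found.', 404);
    }

    if (!$doc->canUserEdit($user)) {
        return response('Unauthorized.', 403);
    }

    return $next($request);
}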
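/**
 * Restore a soft-deleted document together with its related records.
 *
 * A document in the PUBLISH_STATE_DELETED_ADMIN state may only be restored
 * by a user holding the 'admin' role; in every case the caller must also pass
 * canUserEdit(). On success the document's meta, content, annotations and
 * comments are restored and the document is returned to the unpublished state.
 *
 * @param  mixed  $docId  Identifier of the document to restore.
 * @return mixed A 403 response when there is no authenticated user or the
 *               user is not permitted, a 404 response when the document does
 *               not exist, otherwise the restored document as JSON.
 */
public function getRestoreDoc($docId)
{
    // Resolve the user once and fail closed: the permission checks below
    // call methods on it, so an absent user must not reach them.
    $user = Auth::user();
    if ($user === null) {
        return response('Unauthorized.', 403);
    }

    $doc = Doc::withTrashed()->find($docId);

    // find() returns null for an unknown id; dereferencing it would end in a
    // fatal error rather than a controlled response.
    if ($doc === null) {
        return response('Not Found.', 404);
    }

    // Documents deleted by an administrator can only be restored by one.
    if ($doc->publish_state == Doc::PUBLISH_STATE_DELETED_ADMIN && !$user->hasRole('admin')) {
        return response('Unauthorized.', 403);
    }

    if (!$doc->canUserEdit($user)) {
        return response('Unauthorized.', 403);
    }

    // NOTE(review): these restores run as separate statements; a failure
    // part-way through leaves the document partially restored. Consider
    // wrapping them in a database transaction.
    DocMeta::withTrashed()->where('doc_id', $docId)->restore();
    DocContent::withTrashed()->where('doc_id', $docId)->restore();
    Annotation::withTrashed()->where('doc_id', $docId)->restore();
    Comment::withTrashed()->where('doc_id', $docId)->restore();

    $doc->restore();

    // A restored document always comes back unpublished, whatever state it
    // was in before deletion.
    $doc->publish_state = Doc::PUBLISH_STATE_UNPUBLISHED;
    $doc->save();

    return Response::json($doc);
}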