/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $route['route_method'] = $this->router->current()->methods()[0]; $route['route_name'] = '/' . $this->router->current()->uri(); $isAllowGuest = PermissionRouteModel::isAllowGuest($route); if (!$isAllowGuest) { if (($user = $this->user($request)) === 401) { return response()->json(null, 401); } $isAllPermission = PermissionRouteModel::isAllPermission($user); if (!$isAllPermission) { if (!PermissionRouteModel::hasPermission($user, $route)) { return response()->json(null, 403); } } } return $next($request); }
public function testHasManyPermission() { // assign new roles with name $modify = factory(Role::class)->create(['name' => 'modify', 'active' => 1]); $editor = factory(Role::class)->create(['name' => 'editor', 'active' => 1]); $user = factory(App\User::class)->create(['password' => bcrypt('123456')]); $credentials = ['email' => $user->email, 'password' => '123456']; $token = JWTAuth::attempt($credentials); // add roles to user $user->attachRole($modify); $user->attachRole($editor); // Post permission tree NodePermission::model()->tree('[{"id":2, "name":"2"},{"id":3, "name":"3","children":[{"id":4, "name":"4","children":[{"id":5, "name":"5"},{"id":6, "name":"6"}]}]},{"id":7, "name":"7"}]'); // add route to permission PermissionRoute::setRoutePermissionsRoles(2, '/password', 'PATCH'); PermissionRoute::setRoutePermissionsRoles(2, '/blog/{id}', 'POST'); // set permissons PermissionRole::create(['permission_id' => 2, 'role_id' => $modify->id, 'status' => 0]); PermissionRole::create(['permission_id' => 2, 'role_id' => $editor->id, 'status' => 0]); $res = $this->call('POST', '/blog/1', [], [], [], ['HTTP_Authorization' => "Bearer {$token}"]); $this->assertEquals(403, $res->getStatusCode()); // set permissons PermissionRole::create(['permission_id' => 2, 'role_id' => $modify->id, 'status' => 1]); PermissionRole::create(['permission_id' => 2, 'role_id' => $editor->id, 'status' => 0]); $res = $this->call('POST', '/blog/1', [], [], [], ['HTTP_Authorization' => "Bearer {$token}"]); $this->assertEquals(200, $res->getStatusCode()); // set permissons PermissionRole::create(['permission_id' => 2, 'role_id' => $modify->id, 'status' => 0]); PermissionRole::create(['permission_id' => 2, 'role_id' => $editor->id, 'status' => 1]); $res = $this->call('POST', '/blog/1', [], [], [], ['HTTP_Authorization' => "Bearer {$token}"]); $this->assertEquals(200, $res->getStatusCode()); }
/** * List all routes in app has not been added to permissions tree * * @param * @return Response */ public function getAllRoutesNotTree() { // Get all routes $routes = Route::getRoutes(); // Get all routes has been added to permissions tree $permissionOnTree = PermissionRoute::all()->toArray(); $diff = (new PermissionRoute())->getRouteNotTree($routes, $permissionOnTree); return response()->json(arrayView('gcl.gclusers::route/browse', ['routes' => $diff]), 200); }