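/**
 * Handle an incoming request.
 *
 * Authorization gate for the referral named by the "id" route parameter.
 * The request is passed on when the current user is one of:
 *   - an "administrator";
 *   - a "property_manager|normal_administrator" (string passed verbatim to
 *     is(); presumably "either role" - confirm against the roles package)
 *     whose profile province equals the referral's province;
 *   - the user the referral belongs to (user_id).
 * Anything else is denied: a 401 text response for AJAX requests, otherwise
 * a redirect back with an error message.
 *
 * Fails closed: a missing user, a missing profile or a null province never
 * grants access.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $id = $request->route('id');
    $referralInformation = ReferralInformation::findOrFail($id);

    // Resolve the user once; it is null when nobody is logged in, and every
    // check below would otherwise dereference it.
    $user = $this->auth->user();

    $authorized = false;

    if ($user !== null) {
        if ($user->is('administrator')) {
            $authorized = true;
        } elseif ($user->is('property_manager|normal_administrator')) {
            $profile = $user->profile;
            $province = $profile ? $profile->province : null;

            // A null province must not count as a match: with a loose
            // comparison null == null (and null == '') is true, which would
            // let a manager without a province reach referrals without one.
            $authorized = $province !== null
                && $referralInformation->province == $province;
        }

        if (!$authorized) {
            // Owner check. Loose comparison is kept deliberately: the ids may
            // arrive as int on one side and numeric string on the other.
            $authorized = $referralInformation->user_id == $user->id;
        }
    }

    if ($authorized) {
        return $next($request);
    }

    // NOTE(review): 401 is kept so existing clients see the same status;
    // 403 is the usual status for an authenticated but unauthorized caller.
    if ($request->ajax()) {
        return response('Unauthorized.', 401);
    }

    return redirect()->back()->withErrors(['You are not authorized to do this action']);
}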
/**
 * Remove the specified resource from storage.
 *
 * Looks up the referral (404 via findOrFail when it does not exist), aborts
 * with 401 for users holding the "property_manager" role, and deletes the
 * record only when isEditable() accepts it. Both outcomes redirect to the
 * referrals index under the user's backendAccess route prefix.
 *
 * NOTE(review): this method does not check that the referral belongs to the
 * current user; presumably a route middleware enforces that - confirm it is
 * attached to this route. Auth::user() is used without a null check, so the
 * route is also assumed to sit behind authentication.
 *
 * @param  int  $id
 * @return \Illuminate\Http\Response
 */
public function delete($id)
{
    $currentUser = Auth::user();
    $referral = ReferralInformation::findOrFail($id);

    // Property managers may never delete referrals.
    if ($currentUser->is('property_manager')) {
        abort(401, 'Unauthorized action.');
    }

    $editable = $this->isEditable($referral);
    $indexRoute = $currentUser->backendAccess . '.referrals.index';

    if ($editable) {
        $referral->delete();

        return redirect()
            ->route($indexRoute)
            ->with('messages', ['Informasi referral dihapus.']);
    }

    // Referrals that have been followed up are kept.
    return redirect()
        ->route($indexRoute)
        ->withErrors(['Your referral can\'t be deleted because it has been followed up.']);
}