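/**
 * Handle an incoming request.
 *
 * Enforces the role/permission rules stored via RoutePermissionModel in two
 * passes: first the wildcard rule ('*', applied to every route), then the rule
 * keyed by the current "METHOD /uri" pair. Each applicable rule requires an
 * authenticated user (otherwise 401) who holds at least one of the rule's
 * roles or permissions, or whose rule lists the '@' wildcard (otherwise 403).
 * Both passes must allow the user. A route with no rule of either kind is NOT
 * protected by this middleware and passes straight through to $next.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // NOTE(review): current() is assumed non-null here, i.e. the middleware runs
    // after routing has matched a route; confirm it is not registered globally
    // before the router.
    $current = $this->router->current();

    // Rules are looked up by "METHOD /uri"; only the first registered HTTP method
    // of the route is used to build that key.
    $route = $current->methods()[0] . ' /' . $current->uri();

    // Global rule first, then the route-specific one; the first refusal wins.
    foreach (['*', $route] as $ruleKey) {
        $rule = RoutePermissionModel::getRoutePermissionsRoles($ruleKey);
        if (!$rule) {
            continue;
        }

        $refusal = $this->denyUnlessAuthorized($request, $rule);
        if ($refusal !== null) {
            return $refusal;
        }
    }

    return $next($request);
}

/**
 * Check a single route-permission rule against the requesting user.
 *
 * @param \Illuminate\Http\Request $request
 * @param object $rule  value returned by RoutePermissionModel::getRoutePermissionsRoles();
 *                      must expose ->roles and ->permissions
 * @return \Illuminate\Http\JsonResponse|null  a 401 (no user) or 403 (user lacks the rule's
 *                                             roles/permissions) JSON response when the request
 *                                             must be refused; null when it may proceed
 */
private function denyUnlessAuthorized($request, $rule)
{
    $user = $this->user($request);
    if ($user === 401) {
        return response()->json(null, 401);
    }

    // '@' in the role list means "any authenticated user may pass". Strict
    // comparison so that a loosely-equal role value (e.g. integer 0 on PHP < 8,
    // where 0 == '@' is true) cannot satisfy the wildcard by accident.
    $anyAuthenticated = is_array($rule->roles) && in_array('@', $rule->roles, true);

    $allowed = $anyAuthenticated
        || $user->hasRole($rule->roles, false)
        || $user->can($rule->permissions, false);

    return $allowed ? null : response()->json(null, 403);
}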
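/**
 * index
 *
 * Lists route permissions as JSON. Sorting, paging and filtering all come from
 * the query string, so the paging and direction values are normalised before
 * they reach RoutePermission::browse().
 *
 * @param Request $request
 * @return \Illuminate\Http\JsonResponse
 */
public function index(Request $request)
{
    // Only 'asc'/'desc' belong in an ORDER BY clause; anything else (including a
    // non-string value) falls back to the default direction.
    $direction = Input::get('direction', 'desc');
    $direction = is_string($direction) ? strtolower($direction) : 'desc';
    if (!in_array($direction, ['asc', 'desc'], true)) {
        $direction = 'desc';
    }

    // NOTE(review): the sort column is untrusted too. It is passed on unchanged
    // because the set of sortable columns is not visible in this file; an
    // allow-list of column names should be enforced here or inside browse().
    $sort = Input::get('sort', 'id');
    if (!is_string($sort) || $sort === '') {
        $sort = 'id';
    }

    // Page size and page number must be positive integers: the page value was
    // previously used un-cast, so a negative or non-numeric value could produce
    // a negative offset (or a TypeError on PHP 8).
    // NOTE(review): there is no upper bound on 'limit'; consider capping it.
    $limit = max(1, (int) Input::get('limit', 25));
    $page = max(1, (int) Input::get('page', 1));

    $routePermissions = RoutePermission::browse([
        'order'   => [$sort => $direction],
        'limit'   => $limit,
        'offset'  => ($page - 1) * $limit,
        'filters' => $request->all(),
    ]);

    return response()->json(
        arrayView('phpsoft.users::routePermission/browse', ['routePermissions' => $routePermissions]),
        200
    );
}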
/**
 * An admin must reach POST /blog/{id} when the wildcard rule ('*') admits any
 * authenticated user ('@') and the route-specific rule requires 'admin'.
 */
public function testSetRoutePermissionAllRouterAndCurrentRouteAdminAccess()
{
    // Global rule: any authenticated user. Route rule: admin only.
    RoutePermission::setRouteRoles('*', ['@']);
    RoutePermission::setRouteRoles('POST /blog/{id}', ['admin']);

    // Log in as the admin fixture and build the bearer header from the token.
    $adminLogin = ['email' => '*****@*****.**', 'password' => '123456'];
    $bearer = 'Bearer ' . JWTAuth::attempt($adminLogin);

    $response = $this->call('POST', '/blog/1', [], [], [], ['HTTP_Authorization' => $bearer]);

    $this->assertEquals(200, $response->getStatusCode());
}
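/**
 * The browse endpoint must honour sort/direction, default to descending order
 * when no direction is given, and order rows that tie on the sorted column by
 * id descending.
 *
 * Fixes over the previous version of this test: the expected orderings were
 * queried on a different column than the one the request sorted by (they only
 * matched by coincidence of the seeded data), and the final tie-break check
 * merged two (array)-cast Collections and looped from index 1, so it never
 * asserted anything.
 */
public function testBrowseWithOrderRightParams()
{
    // Seed rows whose route, permissions and roles all embed the same index, so
    // ordering by any of the three columns yields the same relative order.
    for ($i = 0; $i < 10; ++$i) {
        factory(RoutePermission::class)->create([
            'route'       => 'Route ' . $i,
            'permissions' => json_encode(['permissions' . $i]),
            'roles'       => json_encode(['roles' . $i]),
        ]);
    }

    // Explicit sort + direction, expectation built on the same column.
    $this->assertBrowseOrder(
        '/routePermissions?sort=route&direction=desc',
        RoutePermission::select('*')->orderBy('route', 'desc')->get()
    );
    $this->assertBrowseOrder(
        '/routePermissions?sort=route&direction=asc',
        RoutePermission::select('*')->orderBy('route', 'asc')->get()
    );

    // Sort without a direction falls back to the index action's default (desc).
    $this->assertBrowseOrder(
        '/routePermissions?sort=permissions',
        RoutePermission::select('*')->orderBy('permissions', 'desc')->get()
    );

    // Ties: three extra rows share the permissions value '["permissions"]' and
    // the ten rows below repeat the permissions values seeded above. Rows with
    // equal permissions must come back in id-descending order.
    for ($i = 0; $i < 10; ++$i) {
        if (in_array($i, [2, 4, 6], true)) {
            factory(RoutePermission::class)->create([
                'permissions' => json_encode(['permissions']),
                'roles'       => json_encode(['roles' . $i]),
            ]);
        }
        factory(RoutePermission::class)->create([
            'permissions' => json_encode(['permissions' . $i]),
            'roles'       => json_encode(['roles' . $i]),
        ]);
    }

    // 23 rows in total, which stays below the index action's default limit of 25,
    // so a single page holds every row.
    $this->assertBrowseOrder(
        '/routePermissions?sort=permissions&direction=asc',
        RoutePermission::select('*')->orderBy('permissions', 'asc')->orderBy('id', 'desc')->get()
    );
}

/**
 * GET $url and assert the returned entities appear in exactly the order of $expected.
 *
 * @param string $url
 * @param \Illuminate\Support\Collection|array $expected  models in the expected order
 */
private function assertBrowseOrder($url, $expected)
{
    $res = $this->call('GET', $url);
    $this->assertEquals(200, $res->getStatusCode());

    $entities = json_decode($res->getContent())->entities;
    $this->assertCount(count($expected), $entities);
    foreach ($expected as $position => $model) {
        $this->assertEquals($model->id, $entities[$position]->id, "position {$position} of {$url}");
    }
}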