コード例 #1
 /**
  * Handle an incoming request: enforce the stored role/permission rules for the matched route before passing the request on.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
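 public function handle($request, Closure $next)
 {
     // Authorisation gate. The wildcard rule ('*') is evaluated first, then the
     // rule stored for the matched route. Every rule that exists must be
     // satisfied: 401 when user() reports no authenticated user, 403 when the
     // user has neither a listed role nor a listed permission.
     //
     // A key with no stored rule is skipped, so a route that has neither a '*'
     // rule nor a rule of its own reaches $next() with no authentication or
     // authorisation check at all (default-allow). Unprotected routes are
     // therefore the result of a missing row, not of an explicit decision.
     //
     // NOTE(review): the lookup key is built from the first method the route
     // was registered with, not from the method of this request, so a route
     // registered for several verbs shares a single rule. Confirm the rule
     // table is keyed that way.
     $current = $this->router->current();
     $route = $current->methods()[0] . ' /' . $current->uri();

     foreach (['*', $route] as $ruleKey) {
         $rule = RoutePermissionModel::getRoutePermissionsRoles($ruleKey);
         if (!$rule) {
             continue;
         }

         // user() signals "not authenticated" with the integer 401 rather than
         // an exception; it is resolved again for each rule, as before.
         $user = $this->user($request);
         if ($user === 401) {
             return response()->json(null, 401);
         }

         // Both checks are always evaluated; the second argument is passed
         // through unchanged (presumably "require all = false" - confirm).
         $hasRole = $user->hasRole($rule->roles, false);
         $hasPerms = $user->can($rule->permissions, false);

         // '@' in the role list appears to stand for "any authenticated user":
         // it is only reached once user() returned something other than 401.
         // The comparison is strict so that a non-string entry in the list
         // (true, or 0 on PHP 7) cannot loosely equal '@' and open the rule to
         // every authenticated user.
         $anyAuthenticated = is_array($rule->roles) && in_array('@', $rule->roles, true);

         if (!($hasRole || $hasPerms || $anyAuthenticated)) {
             return response()->json(null, 403);
         }
     }

     return $next($request);
 }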