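/**
 * Handle an incoming request.
 *
 * Enforces the stored role/permission rules for the current route. Two rules
 * are looked up in order: the wildcard rule '*' and the rule keyed by
 * "<METHOD> /<uri>" of the matched route. Every rule that exists must be
 * satisfied; the first one that is not ends the request.
 *
 * A rule is satisfied when the user has its roles, or its permissions, or the
 * rule's role list contains the '@' marker, which admits any user that
 * user() could resolve.
 *
 * Security notes:
 *  - Default allow: when no rule is stored for a key, this middleware places
 *    no restriction for that key and the request is passed on.
 *  - The lookup key uses the first method declared on the route, not the verb
 *    of the incoming request. NOTE(review): for routes registered under
 *    several verbs, confirm that rules are stored under that first verb.
 *  - NOTE(review): router->current() is dereferenced without a null check;
 *    this assumes the middleware only runs after a route has been matched.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed  JSON 401 when user() returns 401, JSON 403 when a rule is not
 *                satisfied, otherwise whatever $next returns.
 */
public function handle($request, Closure $next)
{
    $current = $this->router->current();
    $routeKey = $current->methods()[0] . ' /' . $current->uri();

    // Wildcard rule first, then the route-specific rule; both must pass.
    foreach (['*', $routeKey] as $key) {
        $rule = RoutePermissionModel::getRoutePermissionsRoles($key);
        if (!$rule) {
            // No rule stored for this key: nothing to enforce here.
            continue;
        }

        // user() signals "no usable user" with the integer sentinel 401.
        $user = $this->user($request);
        if ($user === 401) {
            return response()->json(null, 401);
        }

        // Second argument presumably means "require all = false" (any-of match);
        // confirm against the user model's hasRole()/can() implementation.
        $hasRole = $user->hasRole($rule->roles, false);
        $hasPerms = $user->can($rule->permissions, false);

        // Strict comparison: a loosely compared non-string entry (true, or 0 on
        // PHP 7) must never be mistaken for the '@' marker and open the route.
        $openToAnyUser = is_array($rule->roles) && in_array('@', $rule->roles, true);

        if (!$hasRole && !$hasPerms && !$openToAnyUser) {
            return response()->json(null, 403);
        }
    }

    return $next($request);
}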