/**
 * Handle an incoming request by checking the current user's ability.
 *
 * The ability name defaults to the matched route's name, so routes guarded
 * by this middleware are expected to be named. When a route-parameter name
 * is supplied as $resource, the check is scoped to the value bound to it.
 *
 * @param \Illuminate\Http\Request $request
 * @param Closure $next
 * @param mixed $resource Route-parameter name whose bound value scopes the check, or null
 * @param string|null $ability Ability to check; defaults to the route name
 * @return mixed
 */
public function handle($request, Closure $next, $resource = null, $ability = null)
{
    // Fall back to the route name when no explicit ability was given.
    $abilityName = $ability ?: $request->route()->getName();

    // Resolve the named route parameter to the bound resource, if requested.
    $boundResource = null;
    if ($resource) {
        $boundResource = $request->route($resource);
    }

    // NOTE(review): if $resource names a parameter the route does not carry,
    // $boundResource is null and the check silently degrades to the unscoped
    // ability — confirm that falling back is intended rather than denying.
    $checker = $boundResource
        ? $this->authis->forResource($boundResource)
        : $this->authis;

    if ($checker->check($abilityName)) {
        return $next($request);
    }

    if ($request->ajax()) {
        return response('Unauthorized.', 403);
    }

    $message = trans('inoplate-auth::messages.unauthorized', ['url' => $request->url()]);

    return back()->with(['error' => $message]);
}
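/**
 * Abort with 403 unless the current request may download from the library.
 *
 * Non-private libraries are downloadable by anyone. A private library is
 * downloadable only by an authenticated user who owns it, is listed in its
 * sharedTo users, or holds the 'media.admin.libraries.view.all' ability.
 *
 * @param Request $request
 * @param array $library Library payload with 'description', 'owner' and 'sharedTo' keys
 * @return void
 */
protected function authorizeDownload(Request $request, $library)
{
    $isPrivate = $library['description']['visibility'] == 'private';

    // Only the private case needs the ownership / sharing / ability check.
    if (!$isPrivate) {
        return;
    }

    $user = $request->user();

    if (is_null($user)) {
        abort(403); // Guests may not download from private libraries
    }

    // Loose comparisons are kept on purpose: ids may arrive as strings in the
    // library payload while $user->id is an int — TODO confirm and tighten.
    $isOwner = $library['owner']['id'] == $user->id;

    // Short-circuit order is preserved: the shared-user lookup and the ability
    // check only run when the cheaper conditions have not already granted access.
    if (!$isOwner
        && !in_array($user->id, array_column($library['sharedTo'], 'id'))
        && !$this->authis->check('media.admin.libraries.view.all')) {
        abort(403); // User is not authorized to download file
    }
}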
/**
 * Restrict the library query to what the current user may see.
 *
 * Users holding 'media.admin.libraries.view.all' get the query untouched;
 * everyone else is limited to libraries they own, libraries shared with them
 * through the 'users' relation, or public ones.
 *
 * @param Model $model
 * @return Model
 */
protected function setupQuery($model)
{
    $currentUserId = $this->auth->user()->id;

    if ($this->authis->check('media.admin.libraries.view.all')) {
        return $model;
    }

    // Libraries shared with the current user via the 'users' relation.
    $sharedWithUser = function ($query) use ($currentUserId) {
        $query->whereHas('users', function ($query) use ($currentUserId) {
            $query->where('user_id', $currentUserId);
        });
    };

    return $model->where(function ($query) use ($currentUserId, $sharedWithUser) {
        $query->where('user_id', $currentUserId)
            ->orWhere($sharedWithUser)
            ->orWhere('visibility', 'public');
    });
}
/**
 * Determine whether the current user holds the given permission.
 *
 * @param string $resource Permission (ability) name passed through to the checker
 * @return bool
 */
protected function authorize($resource)
{
    $checker = $this->authis;

    return $checker->check($resource);
}