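/**
 * Run the request filter.
 *
 * Deny-list authorization gate: the request passes unless one of the
 * permissions attached to the current user's roles denies it (see denied()).
 * A missing authenticated user, or any error raised while evaluating the
 * permissions, fails closed with a 401 response. Every access decision is
 * written to the log as ACCESS:<user>:<method>:<path>:<ALLOWED|DENIED>.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $route = \Route::getCurrentRoute();
    $user = \Auth::user();

    // No authenticated user: fail closed here instead of dereferencing null
    // below (which would surface as a 500 rather than a denial).
    $allow = $user !== null;

    if ($allow) {
        try {
            // Every permission of every role is consulted; a single deny is final.
            foreach ($user->roles as $role) {
                foreach ($role->permissions as $permission) {
                    if ($this->denied($request, $route, $permission)) {
                        $allow = false;
                    }
                }
            }
        } catch (\Throwable $e) {
            // \Throwable (not just \Exception) so that Errors raised during the
            // check also end in a denial rather than an unhandled failure.
            \Log::error($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
            $allow = false;
        }
    }

    // Audit line for every decision; 'guest' stands in for a missing user.
    \Log::info('ACCESS:' . ($user->name ?? 'guest') . ':' . $request->method() . ':' . $request->path() . ':' . ($allow ? 'ALLOWED' : 'DENIED'));

    if ($allow) {
        return $next($request);
    }

    // AJAX callers get a bare 401; browsers get the unauthorized page with the same status.
    return $request->ajax()
        ? response('Unauthorized.', 401)
        : response(view('admin/unauthorized'), 401);
}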