/**
* Handle an incoming request.
*
* @param Request $request
* @param \Closure $next
* @return Response
*/
public function handle(Request $request, Closure $next) : Response
{
$result = $this->_sentinel->authenticateFromRequest($request);
if ($result instanceof User) {
$this->_setUser($result);
}
if (!$this->_isAllowed($request->param('action'))) {
if (!$this->isAuthenticated()) {
Session::getInstance()->set("Auth/redirect", $request->url);
if ($request->is('ajax')) {
$response = new Response();
$response->statusCode(401);
return $response;
} else {
return Response::redirect(Configuration::getInstance()->get("Auth/loginUrl", "/"));
}
}
if (!$this->_sentinel->isAuthorized($result, $request)) {
if ($request->is('ajax')) {
$response = new Response();
$response->statusCode(403);
return $response;
} else {
return Response::redirect($request->referer());
}
}
}
return $next($request);
}
