/** * Handle an incoming request. * * @param Request $request * @param \Closure $next * @return Response */ public function handle(Request $request, Closure $next) : Response { $result = $this->_sentinel->authenticateFromRequest($request); if ($result instanceof User) { $this->_setUser($result); } if (!$this->_isAllowed($request->param('action'))) { if (!$this->isAuthenticated()) { Session::getInstance()->set("Auth/redirect", $request->url); if ($request->is('ajax')) { $response = new Response(); $response->statusCode(401); return $response; } else { return Response::redirect(Configuration::getInstance()->get("Auth/loginUrl", "/")); } } if (!$this->_sentinel->isAuthorized($result, $request)) { if ($request->is('ajax')) { $response = new Response(); $response->statusCode(403); return $response; } else { return Response::redirect($request->referer()); } } } return $next($request); }