예제 #1
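 /**
  * Authorize the routed controller action against the current user's role.
  *
  * Derives the controller file name and the action from the route's action
  * name, looks up the Module with that name and the RoleDetail row for the
  * user's role and that module, and hands them to checkAction() before
  * passing the request on.
  *
  * A request that cannot be mapped to a controller action, an authenticated
  * user with a role, or a known module is refused with 403 instead of failing
  * on a null dereference further down.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     $route = $request->route();

     // Action names look like "...\Controllers\FooController@method".
     // Without an "@" there is no controller action to authorize.
     $controller = $route ? explode("@", $route->getActionName()) : [];
     if (count($controller) !== 2) {
         abort(403);
     }

     // The module name is the controller path below "Controllers\" plus ".php".
     $classParts = explode('Controllers\\', $controller[0]);
     if (count($classParts) < 2) {
         abort(403);
     }
     $controllerName = $classParts[1] . ".php";
     $controllerAction = $controller[1];

     // Deny by default when there is no user or role to authorize.
     $user = $this->auth->user();
     if ($user === null || $user->role === null) {
         abort(403);
     }

     // Find the module with the same name as the controller; an unregistered
     // controller has no permission data, so it is refused.
     $module = Module::where('name', $controllerName)->first();
     if ($module === null) {
         abort(403);
     }

     // Permission row for this role and module; first() yields null when the
     // pair has no row, and that null is passed on to checkAction() as is.
     $roleDetail = RoleDetail::where('id_role', $user->role->id)
         ->where('id_module', $module->id)
         ->first();

     // Check the action against mod_show, mod_insert, mod_update, mod_delete.
     // NOTE(review): the result of checkAction() is discarded here. Unless that
     // method itself aborts or throws on a refused action (its body is not
     // shown), the request reaches $next regardless. Confirm, and enforce the
     // result if it returns a boolean.
     $this->checkAction($controllerAction, $roleDetail, $request);

     return $next($request);
 }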
예제 #2
 /**
  * Decide whether a role may perform an item's action on the item's module.
  *
  * The action name selects one permission flag on the RoleDetail row:
  * index/show -> mod_show, create/store -> mod_insert,
  * edit/update -> mod_update, delete -> mod_delete.
  * A flag loosely equal to 0 refuses the action. A missing row or any other
  * action name is refused as well, so the check denies by default.
  * A module id of 0 is looked up like any other id.
  *
  * @param  mixed  $roleId  value matched against RoleDetail.id_role
  * @param  mixed  $item    object exposing id_module and action
  * @return bool  true when the action is permitted
  */
 private static function checkAction($roleId, $item)
 {
     $permissions = RoleDetail::where('id_role', $roleId)
         ->where('id_module', $item->id_module)
         ->first();

     // No permission row for this role/module pair: refuse.
     if ($permissions === null) {
         return false;
     }

     $action = $item->action;

     // Strict matching keeps the comparison type-sensitive.
     if (in_array($action, array('index', 'show'), true)) {
         return $permissions->mod_show != 0;
     }

     if (in_array($action, array('create', 'store'), true)) {
         return $permissions->mod_insert != 0;
     }

     if (in_array($action, array('edit', 'update'), true)) {
         return $permissions->mod_update != 0;
     }

     if ($action === 'delete') {
         return $permissions->mod_delete != 0;
     }

     // Unmapped action names fall through to a refusal.
     return false;
 }