/**
 * Middleware gate: lets the request continue only when the authenticated
 * resource owner owns the project named by the request.
 *
 * The caller's id comes from \Authorizer::getResourceOwnerId() and the
 * project id from $request->project; both are passed to the repository's
 * isOwner() check.
 *
 * NOTE(review): the denial is returned as a plain array rather than a
 * response with an explicit status code. Confirm clients cannot mistake it
 * for a successful reply; a 403 response is the conventional signal.
 * NOTE(review): $request->project is a dynamic property lookup. Confirm it
 * resolves to the same project id the downstream handler acts on, so the
 * ownership check covers the resource that is actually accessed.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed  Result of $next($request), or ['error' => 'access forbidden'].
 */
public function handle($request, Closure $next)
{
    $ownerId = \Authorizer::getResourceOwnerId();
    $projectId = $request->project;

    // Any falsy result from isOwner() is treated as "not the owner".
    $isOwner = $this->repository->isOwner($projectId, $ownerId);

    if ($isOwner) {
        return $next($request);
    }

    return ['error' => 'access forbidden'];
}
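/**
 * Tell whether the authenticated resource owner owns the project that the
 * given project file belongs to.
 *
 * The file record is loaded through the repository with the presenter
 * skipped, its project_id is read, and the decision is delegated to
 * projectRepository->isOwner().
 *
 * Fails closed: if the lookup does not yield a record object, the caller is
 * reported as not being the owner instead of dereferencing a non-object.
 * NOTE(review): depending on the repository implementation, find() may throw
 * for a missing id instead of returning null; the guard is then never reached.
 *
 * @param  mixed  $projectFileId  Identifier of the project file to check.
 * @return mixed  Result of isOwner(), or false when no file record is found.
 */
public function checkProjectOwner($projectFileId)
{
    $userId = \Authorizer::getResourceOwnerId();
    $projectFile = $this->repository->SkipPresenter()->find($projectFileId);

    // A missing or malformed record must never be read as "owned".
    if (!is_object($projectFile)) {
        return false;
    }

    return $this->projectRepository->isOwner($projectFile->project_id, $userId);
}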