/**
* @param $stringPermission
*
* @return mixed
*/
public function can($stringPermission)
{
if ($stringPermission instanceof \App\Permission) {
$stringPermission = $stringPermission->getAction();
}
return \App\Facades\Acl::isUserAllow($this, $stringPermission);
}
/**
* @param $request
* @param \Closure $next
* @param array $permissions
*
* @see http://laravel.com/docs/5.1/middleware#middleware-parameters
*
* @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
*/
public function handle($request, Closure $next, $permissions = [])
{
if (!is_array($permissions)) {
$permissions = [$permissions];
}
// no permission required
if (empty($permissions)) {
return $next($request);
}
Clockwork::startEvent('acl.middleware', 'Acl middleware.');
foreach ($permissions as $permission) {
if (!Acl::isUserAllow(Auth::user(), $permission)) {
Clockwork::stopEvent('acl.middleware');
if (Request::is('api*')) {
return response('Not authorized', 403);
} else {
return view('auth.notAuthorized');
}
}
}
Clockwork::stopEvent('acl.middleware');
return $next($request);
}
