/**
* Run the request filter.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$route = \Route::getCurrentRoute();
// $route->uri(), $request->path()
$roles = \Auth::user()->roles;
$allow = true;
try {
// Check if route has permission
foreach ($roles as $role) {
foreach ($role->permissions as $permission) {
$allow = $allow & !$this->denied($request, $route, $permission);
}
}
} catch (\Exception $e) {
\Log::error($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
$allow = false;
}
// Apply access
\Log::info('ACCESS:' . \Auth::user()->name . ':' . $request->method() . ':' . $request->path() . ':' . ($allow ? 'ALLOWED' : 'DENIED'));
if (!$allow) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return response(view('admin/unauthorized'), 401);
}
} else {
return $next($request);
}
}
