Exemplo n.º 1
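 /**
  * Handle an incoming request.
  *
  * Passes the request on only when the authenticated user holds the
  * 'Officer' or 'Administrator' role. Guests and users without either role
  * are logged and receive a 401 response.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     // Auth::user() is null for a guest; calling hasRole() on null would end in a
     // fatal error (HTTP 500) instead of a clean, logged denial.
     $user = \Auth::user();
     if ($user !== null && ($user->hasRole('Officer') || $user->hasRole('Administrator'))) {
         return $next($request);
     }

     // Attach who was denied and where, so repeated attempts can be correlated in the logs.
     \Log::warning('A user has attempted to access the administration area and failed.', [
         'user_id' => $user !== null ? $user->getAuthIdentifier() : null,
         'ip' => $request->ip(),
         'path' => $request->path(),
     ]);

     // NOTE(review): 401 is kept for compatibility with existing clients; 403 would be the
     // more accurate status for an authenticated user who lacks the role.
     return response('Unauthorized.', 401);
 }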
Exemplo n.º 2
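 /**
  * Allow the request only when the logged-in user is staff of the event named in the URL.
  *
  * The event identifier is taken from the last path segment: the text after the
  * final '/' up to the last '-' inside that segment (the whole segment when it has
  * no '-'). Denied AJAX requests get a 403 response; other denied requests are
  * redirected with an error message.
  *
  * @param  Request   $request
  * @param  callable  $next
  * @return mixed
  */
 public function handle(Request $request, callable $next)
 {
     // Builds the denial response; $id selects the redirect target for non-AJAX requests.
     $forbidden = function ($id) use ($request) {
         if ($request->ajax()) {
             return response('Forbidden', 403);
         }
         $path = $id ? 'event@details' : 'site@index';
         return redirect(act($path, $id))->with('error', _('Sorry, but it seems you don\'t have permission to edit this event...'));
     };

     $path = $request->getPathInfo();

     // substr() takes a LENGTH as its third argument. The previous code passed the
     // absolute offset of the last '-', so a '-' earlier in the path truncated the
     // identifier and a '-' inside the segment left the slug attached to it. Either
     // way the staff check could run against a different value than the event the
     // request is really about.
     $start = strrpos($path, '/') + 1;
     $dash = strrpos($path, '-');
     $end = ($dash !== false && $dash >= $start) ? $dash : strlen($path);
     $param = substr($path, $start, $end - $start);

     // NOTE(review): the identifier is re-parsed from the raw path here. If the
     // controller reads it from a route parameter instead, the two can disagree;
     // reading the same route parameter in this middleware would remove that gap.
     // Confirm against the route definitions.

     if (!$param) {
         //should never arrive here
         \Log::warning('Tried to search for event ID in Staff middleware, but it was not found: ' . $path);
         return $forbidden($param);
     }

     // Guests are rejected before Auth::user() is dereferenced; exists() answers the
     // membership question without counting every matching row.
     if (!Auth::check() || !EventStaff::where('user_id', Auth::user()->id)->where('event_id', $param)->exists()) {
         return $forbidden($param);
     }

     return $next($request);
 }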