Exemplo n.º 1
 /**
  * Handle an incoming request.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
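 public function handle($request, Closure $next)
 {
     // Reject unauthenticated callers before any document lookup happens.
     if (!Auth::check()) {
         return response('Unauthorized.', 403);
     }

     $user = Auth::user();

     // withTrashed() is used so soft-deleted documents are also covered by
     // this edit-permission check.
     $doc = Doc::withTrashed()->find($request->doc);

     // find() returns null when no row matches the caller-supplied id. The
     // original dereferenced that null and crashed; deny instead, with the
     // same response as a failed permission check so the reply does not
     // reveal whether a given document id exists.
     if ($doc === null || !$doc->canUserEdit($user)) {
         return response('Unauthorized.', 403);
     }

     return $next($request);
 }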
Exemplo n.º 2
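 /**
  * Restore a soft-deleted document together with its related records.
  *
  * The caller must be allowed to edit the document; documents whose
  * publish state is Doc::PUBLISH_STATE_DELETED_ADMIN additionally require
  * the 'admin' role. On success the document is set to
  * Doc::PUBLISH_STATE_UNPUBLISHED and returned as JSON.
  *
  * @param  mixed  $docId  Identifier of the document to restore.
  * @return mixed  A 403 'Unauthorized.' response on denial, else the JSON document.
  */
 public function getRestoreDoc($docId)
 {
     // Auth::user() is null without an authenticated session; the original
     // called hasRole() on it unconditionally. Deny explicitly instead.
     $user = Auth::user();
     if ($user === null) {
         return response('Unauthorized.', 403);
     }

     // find() returns null for an unknown id. Answer with the same denial as
     // a failed permission check so the reply does not reveal whether the
     // document id exists.
     $doc = Doc::withTrashed()->find($docId);
     if ($doc === null) {
         return response('Unauthorized.', 403);
     }

     // Documents deleted by an admin may only be restored by an admin.
     if ($doc->publish_state == Doc::PUBLISH_STATE_DELETED_ADMIN && !$user->hasRole('admin')) {
         return response('Unauthorized.', 403);
     }

     // Every restore, admin-deleted or not, also requires edit rights.
     if (!$doc->canUserEdit($user)) {
         return response('Unauthorized.', 403);
     }

     // NOTE(review): these are separate statements with no visible
     // transaction, so a failure partway through would leave the document
     // partially restored. Consider wrapping them in one.
     DocMeta::withTrashed()->where('doc_id', $docId)->restore();
     DocContent::withTrashed()->where('doc_id', $docId)->restore();
     Annotation::withTrashed()->where('doc_id', $docId)->restore();
     Comment::withTrashed()->where('doc_id', $docId)->restore();
     $doc->restore();

     // A restored document comes back unpublished rather than in its
     // previous publish state.
     $doc->publish_state = Doc::PUBLISH_STATE_UNPUBLISHED;
     $doc->save();

     return Response::json($doc);
 }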