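/**
 * Store (create or update) the permission matrix for one role.
 *
 * The form posts `role-id` plus one entry per module; the entry's value is
 * the set of checked action checkboxes, which getActionsArray() turns into
 * the four mod_* flags written to RoleDetail.
 *
 * Input handling: `role-id` must be a positive integer, and only keys that
 * are themselves positive integers (module ids) are processed. Any other
 * request key (`_token`, `_method`, stray form fields) is ignored instead of
 * being persisted as an id_module, so a crafted request cannot create
 * permission rows for arbitrary keys.
 *
 * The writes run inside one transaction so a failure part-way through does
 * not leave the role with a half-updated matrix.
 *
 * NOTE(review): whether the current user may edit roles at all is not
 * checked here; that is assumed to be enforced by route middleware — confirm.
 *
 * @param \Illuminate\Http\Request $request
 * @return \Illuminate\Http\Response
 */
public function store(Request $request)
{
    // Reject a missing / non-numeric role id up front rather than creating
    // RoleDetail rows keyed by an arbitrary string.
    $this->validate($request, [
        'role-id' => 'required|integer|min:1',
    ]);
    $roleId = (int) $request->get('role-id');

    // Everything except the control fields is a candidate module entry.
    $moduleEntries = $request->except(['_token', '_method', 'role-id']);

    \DB::transaction(function () use ($roleId, $moduleEntries) {
        foreach ($moduleEntries as $key => $val) {
            // Module ids are numeric; skip anything else instead of persisting it.
            $moduleId = filter_var((string) $key, FILTER_VALIDATE_INT, [
                'options' => ['min_range' => 1],
            ]);
            if ($moduleId === false) {
                continue;
            }

            $roleDetail = RoleDetail::firstOrNew([
                'id_role'   => $roleId,
                'id_module' => $moduleId,
            ]);

            $modActions = $this->getActionsArray($val);
            $roleDetail->fill([
                'mod_show'   => $modActions['mod_show'],
                'mod_insert' => $modActions['mod_insert'],
                'mod_update' => $modActions['mod_update'],
                'mod_delete' => $modActions['mod_delete'],
            ]);
            $roleDetail->save();
        }
    });

    return \Redirect::route('admin.roles.index');
}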
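/**
 * Route middleware: let the request through only if the current user's role
 * holds the module permission the target controller action needs.
 *
 * Resolution chain: route action name ("...\Controllers\FooController@bar")
 * -> controller file name ("FooController.php") -> Module row with that name
 * -> RoleDetail row for (user's role, module) -> checkAction() decides using
 * mod_show / mod_insert / mod_update / mod_delete.
 *
 * Fails closed: any link that cannot be resolved (no authenticated user or
 * role, a closure/invokable route with no "@" in its action name, a
 * controller outside the Controllers\ namespace, or no Module row) ends in
 * 403 rather than reaching $next with an undefined permission. The original
 * produced undefined-offset notices and a null module dereference in those
 * cases.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $user = $this->auth->user();
    if ($user === null || $user->role === null) {
        abort(403);
    }

    $route = $request->route();
    $actionName = $route !== null ? (string) $route->getActionName() : '';

    // "Controller@action" is required; closure routes report "Closure" and
    // invokable controllers carry no "@", so there is no action to check.
    if (strpos($actionName, '@') === false) {
        abort(403);
    }
    list($controllerClass, $controllerAction) = explode('@', $actionName, 2);

    // Modules are named after the controller file, relative to the
    // Controllers\ namespace (e.g. "Admin\RoleController.php").
    $namespaceParts = explode('Controllers\\', $controllerClass);
    if (!isset($namespaceParts[1]) || $namespaceParts[1] === '') {
        abort(403);
    }
    $controllerName = $namespaceParts[1] . '.php';

    $module = Module::where('name', $controllerName)->first();
    if ($module === null) {
        // No Module row means no permission has ever been granted for this
        // controller, so deny instead of querying with a null id_module.
        abort(403);
    }

    $roleDetail = RoleDetail::where('id_role', $user->role->id)
        ->where('id_module', $module->id)
        ->first();

    // checkAction() is expected to abort/throw on denial; an explicit false
    // return is treated as denial too so the middleware never falls open.
    if ($this->checkAction($controllerAction, $roleDetail, $request) === false) {
        abort(403);
    }

    return $next($request);
}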
/**
 * Decide whether role $roleId may perform $item->action on module
 * $item->id_module.
 *
 * Looks up the RoleDetail row for (role, module). Without a row, or with an
 * action outside the known groups, the answer is false (deny). Otherwise the
 * action's permission column must be non-zero:
 *   index / show    -> mod_show
 *   create / store  -> mod_insert
 *   edit / update   -> mod_update
 *   delete          -> mod_delete
 *
 * NOTE(review): only "delete" maps to mod_delete; an action named "destroy"
 * falls through and is denied. Confirm which name callers use before adding
 * an alias. A disabled shortcut that allowed id_module == 0 unconditionally
 * was dropped from the comments here; re-enabling it would bypass the lookup.
 *
 * @param int|string $roleId
 * @param object     $item   exposes id_module and action
 * @return bool
 */
private static function checkAction($roleId, $item)
{
    static $columnByAction = [
        'index'  => 'mod_show',
        'show'   => 'mod_show',
        'create' => 'mod_insert',
        'store'  => 'mod_insert',
        'edit'   => 'mod_update',
        'update' => 'mod_update',
        'delete' => 'mod_delete',
    ];

    $roleDetail = RoleDetail::where('id_role', $roleId)
        ->where('id_module', $item->id_module)
        ->first();

    // No permission row at all: deny.
    if ($roleDetail === null) {
        return false;
    }

    // Unknown (or non-string) action: deny, matching the original fall-through.
    $action = $item->action;
    if (!is_string($action) || !isset($columnByAction[$action])) {
        return false;
    }

    $column = $columnByAction[$action];
    return $roleDetail->{$column} != 0;
}