/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param Closure $next
* @param mixed $resource
* @param string|null $ablity
* @return mixed
*/
public function handle($request, Closure $next, $resource = null, $ability = null)
{
// Naming convention of ability
// Taken from route name
$ability = $ability ?: $request->route()->getName();
$resource = $resource ? $request->route($resource) : null;
$authis = $resource ? $this->authis->forResource($resource) : $this->authis;
if (!$authis->check($ability)) {
if ($request->ajax()) {
return response('Unauthorized.', 403);
} else {
return back()->with(['error' => trans('inoplate-auth::messages.unauthorized', ['url' => $request->url()])]);
}
}
return $next($request);
}
