/** * Register the service provider. * * @return void */ public function register() { $this->app['mobiledetect'] = $this->app->share(function ($app) { return new \Mobile_Detect(); }); $this->app['facebook'] = $this->app->share(function ($app) { return new Facebook(); }); \Route::filter('facebook-scope', 'L4FacebookToolsFilter'); }
public function routes() { \Route::filter('NewsLetter', function () { $permission = module("UserManagement"); if (!$permission->hasPermission('NewsLetter')) { return \Redirect::route('dashboard'); } }); Route::pattern('id', '[0-9]+'); $this->NewsLetter(); }
/** * Bootstrap the application events. * * @return void */ public function boot() { // Add package $this->package('leitom/role'); // Register the role manager filter // This filter is used to trigger the protection of routes. // It will also contain the auth before filter so that it does not have to // be implemented at the same time. \Route::filter($this->app['config']->get('role::role.control.identifier'), 'Leitom\\Role\\Filters\\Role'); // Bind the implementation for use in controllers $this->app->bind('Leitom\\Role\\Contracts\\RoleRepositoryInterface', 'Leitom\\Role\\Repositories\\EloquentRoleRepository'); $this->app->bind('Leitom\\Role\\Contracts\\RouteRepositoryInterface', 'Leitom\\Role\\Repositories\\EloquentRouteRepository'); $this->app->bind('Leitom\\Role\\Contracts\\RouteScannerInterface', 'Leitom\\Role\\RouteScanner'); }
public function testPermissionsCanBeSetForRoutes() { $user = $this->createUserWithRoles(); \ACL::setUser($user); $controller = Mockery::mock('\\ApiController'); $controller->shouldReceive('tests')->once()->andReturn(\Response::json(['success' => 'great'])); $controller->shouldReceive('getActionPermissions')->once()->andReturn(['tests' => 'job.apply']); \Route::enableFilters(); \Route::filter('test.permissions.filter', function ($route) { require 'app/acl.php'; $permissions = $route->getAction()['uses'][0]->getActionPermissions(); $perm = $permissions[$route->getAction()['uses'][1]]; $this->assertTrue(ACL::permits('job.apply', $route->parameters())); }); \Route::get('/test/perms/{id}', [$controller, 'tests'])->after('test.permissions.filter'); $this->call('GET', '/test/perms/3'); $this->assertResponseOk(); }
| cross-site request forgery attacks. If this special token in a user | session does not match the one given in this request, we'll bail. | */ Route::filter('csrf', function () { if (Session::token() != Input::get('_token')) { throw new Illuminate\Session\TokenMismatchException(); } }); Route::filter('checkInstalled', function ($route, $request) { $installed = false; try { $installed = Setting::get('faxbox.installed', true); } catch (PDOException $e) { if ($request->getRequestUri() == '/install') { return; } else { return Redirect::to('install'); } } if (!$installed && $request->getRequestUri() == '/install') { return; } if (!$installed) { return Redirect::to('install'); } // If we've gotten here, then the app is installed. send them to the dashboard if ($request->getRequestUri() == '/install' && $installed) { return Redirect::route('home'); } });
return Response::make('Unauthorized', 401); } return Redirect::guest('/'); } $return = 0; foreach (Auth::user()->groups as $group) { foreach ($group->resources as $resource) { if ($resource->pattern == "/" . Route::getCurrentRoute()->getPath()) { $return = 1; } } } if ($return == 0) { return Redirect::to('/profile'); } else { return; } }); Route::filter("guest", function () { if (Auth::check()) { if (Route::getCurrentRoute()->getPath() == "login") { return Redirect::route("user/profile"); } // } }); Route::filter("csrf", function () { if (Session::token() != Input::get("_token")) { throw new Illuminate\Session\TokenMismatchException(); } });
Route::get('/', array('as' => 'inicio', 'uses' => 'HomeController@getInicio')); Route::get('/nosotros', array('as' => 'nosotros', 'uses' => 'HomeController@getNosotros')); Route::get('/servicios', array('as' => 'servicios', 'uses' => 'HomeController@getServicios')); Route::get('/galeria', array('as' => 'galeria', 'uses' => 'HomeController@getGaleria')); Route::get('/transparencia', array('as' => 'transparencia', 'uses' => 'HomeController@getTransparencia')); Route::get('/contacto', array('as' => 'contacto', 'uses' => 'HomeController@getContacto')); Route::post('/contacto', array('as' => 'contacto', 'uses' => 'HomeController@postContacto')); // rutas agrupadas para admin // filtro para auth Route::group(array('before' => 'auth.admin'), function () { Route::get('/admin', array('as' => 'admin.index', 'uses' => 'AdminController@getIndex')); Route::get('/admin/salir', array('as' => 'logout', 'uses' => 'AdminController@getLogOut')); Route::get('/admin/perfil-usuario', array('as' => 'perfil', 'uses' => 'AdminController@getPerfil')); Route::get('/admin/usuarios', array('as' => 'usuarios', 'uses' => 'AdminController@getUsuarios')); Route::get('/admin/usuarios/nuevo', array('as' => 'usuariosNuevo', 'uses' => 'AdminController@getUsuariosNuevo')); Route::post('/admin/usuarios/nuevo', array('uses' => 'AdminController@postUsuariosNuevo')); Route::get('/admin/usuarios/editar/{id}', array('uses' => 'AdminController@getUsuariosEditar')); Route::post('/admin/usuarios/editar', array('uses' => 'AdminController@postUsuariosEditar')); Route::get('/admin/usuarios/bloquear/{id}', array('uses' => 'AdminController@getUsuariosBloquear')); Route::get('/admin/usuarios/activar/{id}', array('uses' => 'AdminController@getUsuariosActivar')); Route::get('/admin/listar-pedidos', array('as' => 'pedidos', 'uses' => 'PedidosController@getPedidos')); Route::get('/admin/paginas/inicio', array('uses' => 'AdminController@getPaginasInicio')); Route::get('/admin/importar-datos', array('as' => 'stock', 'uses' => 'ProductosController@getStock')); Route::post('/admin/stock', array('uses' => 'ProductosController@postStock')); }); // filtro auth Route::filter('auth.admin', function () { if (!Sentry::check()) { return Redirect::route('login'); } });
if (!$request->ajax()) { return Redirect::guest('login'); } else { return Response::make('Unauthorized Access', 403); } } }); Route::filter('auth.basic', function () { return Auth::basic(); }); Route::filter('guest', function ($route, $request) { if (Auth::guest()) { // } else { if (!$request->ajax()) { return Redirect::guest('admin/dashboard'); } else { return Response::make('Unauthorized Access', 403); } } }); // Role-based Authorization Filter. Route::filter('roles', function ($route, $request, $response, $roles = null) { if (!is_null($roles) && Auth::check()) { $user = Auth::user(); if (!$user->hasRole($roles)) { $status = __('You are not authorized to access this resource.'); return Redirect::to('admin/dashboard')->withStatus($status, 'warning'); } } });
| Route::filter('filter', function() | { | return 'Filtered!'; | }); | | Next, attach the filter to a route: | | Router::register('GET /', array('before' => 'filter', function() | { | return 'Hello World!'; | })); | */ Route::filter('before', function () { // Do stuff before every request to your application... }); Route::filter('after', function ($response) { // Do stuff after every request to your application... }); Route::filter('csrf', function () { if (Request::forged()) { return Response::error('500'); } }); Route::filter('auth', function () { if (Auth::guest()) { return Redirect::to('login'); } }); // Route for User_Controller Route::controller('user');
<?php Route::filter('auth_check', function () { // check method move to config file if (Auth::guest()) { $login_url = URL::to(Config::get('rpc::auth.login_path'), 'login'); return Redirect::to($login_url); } });
<?php Route::filter('MultilinguaSwapFilter', function () { $lista_lingue = L::get_lista(); $lingua = array_values(explode('/', Request::path()))[0]; if (in_array($lingua, array_keys($lista_lingue))) { // if not blocked if (!Session::get('noswap')) { // updates the language L::set($lingua); L::updateLocale(); } } else { // not found app::abort('404'); } });
<?php Route::filter('admin.auth', function () { if (AdminAuth::guest()) { if (Request::ajax()) { return Response::make('Unauthorized', 401); } else { return Redirect::guest(Admin::instance()->router->routeToAuth('login')); } } });
<?php Route::filter('csrf-ajax', function () { if (Session::token() != Request::header('x-csrf-token')) { throw new Illuminate\Session\TokenMismatchException(); } }); Route::get('/', 'IndexController@index'); Route::post('show', ['before' => 'csrf-ajax', 'as' => 'show', 'uses' => 'IndexController@show']); Route::post('create', ['before' => 'csrf-ajax', 'as' => 'create', 'uses' => 'IndexController@create']); Route::get('article/{id}/{title}', ['as' => 'read', 'uses' => 'IndexController@read']);
if (Auth::check()) { return Redirect::to('/user/profile'); } }); /* |-------------------------------------------------------------------------- | CSRF Protection Filter |-------------------------------------------------------------------------- | | The CSRF filter is responsible for protecting your application against | cross-site request forgery attacks. If this special token in a user | session does not match the one given in this request, we'll bail. | */ Route::filter('csrf', function () { if (Session::token() !== Input::get('_token')) { throw new Illuminate\Session\TokenMismatchException(); } }); Route::filter('admin', function () { if (Auth::guest()) { if (Request::ajax()) { return Response::make('Unauthorized', 401); } return Redirect::guest('user/login'); } else { if (Auth::check() && Auth::user()->role != 1) { return Redirect::to('/user/profile'); } } });
<?php Route::filter('ulogin-guest', function () { if (Auth::check()) { $uri = Config::get('ulogin-laravel::config.redirect_after_login'); return Redirect::to($uri); } });
return redirect()->route('admin.index'); }); Route::controllers(['auth' => 'Auth\\AuthController', 'password' => 'Auth\\PasswordController']); Route::model('department', 'App\\Department'); Route::model('staff', 'App\\User'); Route::model('level', 'App\\Level'); Route::model('manager', 'App\\Manager'); Route::model('leader', 'App\\Leader'); Route::model('review', 'App\\Review'); Route::filter('auth', function () { if (Auth::guest()) { if (Request::ajax()) { return Response::make('Unauthorized', 401); } else { return Redirect::guest('auth/login'); } } else { if (Auth::check() && !Auth::user()->active) { Auth::logout(); return Redirect::to('auth/login')->with('danger', 'Your account is banned, please contact your administrator to active your account'); } } }); Route::group(['prefix' => 'admin', 'before' => 'auth'], function () { Route::get('index', ['as' => 'admin.index', 'uses' => 'HomeController@index']); Route::group(['prefix' => 'team'], function () { Route::resource('manager', 'ManagerController'); Route::get('manager/delete/{id}', 'ManagerController@delete'); Route::get('manager/add/{id}', 'ManagerController@getAdd'); Route::post('manager/add/{id}', 'ManagerController@postAdd'); Route::get('manager/{id}/{user}/delete', 'ManagerController@destroy'); Route::resource('leader', 'LeaderController');
| The following filters are used to verify user logged in. | */ Route::filter('ebri.loggedin', function () { $api = App::make('ebri.api'); if (!$api->logsUserIn()) { return $api->getApiServer()->resourceJson(array('message' => 'User logged out or not activated.'), 405); } unset($api); }); /* |-------------------------------------------------------------------------- | Permission Filters |-------------------------------------------------------------------------- | | The following filters are used to verify user permission. | */ Route::filter('ebri.permission', function () { $argList = array(); if (func_num_args() > 0) { $argList = func_get_args(); unset($argList[0]); unset($argList[1]); } $api = App::make('ebri.api'); if (!$api->checkPermission($argList)) { return $api->getApiServer()->resourceJson(array('message' => 'Permission denied.'), 405); } unset($api); });
} } }); Route::filter('editar_rol', function () { if (Auth::user()->tipousuarios_id == 3) { if (!comprobarPermiso("editar_rol")) { return View::make('administrador.error'); } } }); Route::filter('ver_catalogo', function () { if (Auth::user()->tipousuarios_id == 3) { if (!comprobarPermiso("ver_catalogo")) { return View::make('administrador.error'); } } }); Route::filter('agregar_catalogo', function () { if (Auth::user()->tipousuarios_id == 3) { if (!comprobarPermiso("agregar_catalogo")) { return View::make('administrador.error'); } } }); Route::filter('editar_catalogo', function () { if (Auth::user()->tipousuarios_id == 3) { if (!comprobarPermiso("editar_catalogo")) { return View::make('administrador.error'); } } });
FileController::findOrphans(); FileController::cleanup(); }); # Complex instance routing, optionally with linked_id for related objects Route::get('/{object_name}/delete/{instance_id}', 'InstanceController@delete'); Route::get('/{object_name}', 'InstanceController@index'); Route::get('/{object_name}/export', 'InstanceController@export'); Route::get('/{object_name}/create/{linked_id?}', 'InstanceController@create'); Route::post('/{object_name}/reorder', 'InstanceController@reorder'); Route::post('/{object_name}/{linked_id?}', 'InstanceController@store'); Route::get('/{object_name}/{instance_id}/{linked_id?}', 'InstanceController@edit'); Route::put('/{object_name}/{instance_id}/{linked_id?}', 'InstanceController@update'); Route::delete('/{object_name}/{instance_id}', 'InstanceController@destroy'); }); } }); Route::filter('user', function () { if (empty(Auth::user()->role) || Auth::user()->role > 3) { return Redirect::action('ObjectController@index'); } }); Route::filter('admin', function () { if (empty(Auth::user()->role) || Auth::user()->role > 2) { return Redirect::action('ObjectController@index'); } }); Route::filter('programmer', function () { if (empty(Auth::user()->role) || Auth::user()->role > 1) { return Redirect::action('ObjectController@index'); } });
| The "guest" filter is the counterpart of the authentication filters as | it simply checks that the current user is not logged in. A redirect | response will be issued if they are, which you may freely change. | */ Route::filter('guest', function () { if (Auth::check()) { return Redirect::to('/'); } }); /* |-------------------------------------------------------------------------- | CSRF Protection Filter |-------------------------------------------------------------------------- | | The CSRF filter is responsible for protecting your application against | cross-site request forgery attacks. If this special token in a user | session does not match the one given in this request, we'll bail. | */ Route::filter('csrf', function () { if (Session::token() != Input::get('_token')) { throw new Illuminate\Session\TokenMismatchException(); } }); //añadido Route::filter('admin', function ($route, $request) { if (!Auth::user()->isAdmin()) { return Redirect::to('shops')->with('message', 'You are not authorized.'); } });
} }); /* |-------------------------------------------------------------------------- | CSRF Protection Filter |-------------------------------------------------------------------------- | | The CSRF filter is responsible for protecting your application against | cross-site request forgery attacks. If this special token in a user | session does not match the one given in this request, we'll bail. | */ Route::filter('csrf', function () { if (Session::token() !== Input::get('_token')) { throw new Illuminate\Session\TokenMismatchException(); } }); /** * Custom Filters */ // Only allow owner to see this record Route::filter('ownerMARecord', function ($route) { $ma_id = $route->getParameter('mentor_activities'); // Check if owner $record = MentorActivity::getMA($ma_id); $isOwner = $record->user_id === Session::get('user_id'); if (!$isOwner) { Session::flash('alert_danger', 'Access denied. You do not have access to the requested page.'); return Redirect::to(secure_url('/dashboard')); } });
Route::filter('post_validate', function($route, $request) { $config = App::make('itemconfig'); //if the model doesn't exist at all, redirect to 404 if (!$config) { App::abort(404, 'Page not found'); } //check the permission $p = $config->getOption('permission'); //if the user is simply not allowed permission to this model, redirect them to the dashboard if (!$p) { return Redirect::to(URL::route('admin_dashboard')); } //get the settings data if it's a settings page if ($config->getType() === 'settings') { $config->fetchData(App::make('admin_field_factory')->getEditFields()); } //otherwise if this is a response, return that if (is_a($p, 'Illuminate\Http\JsonResponse') || is_a($p, 'Illuminate\Http\Response') || is_a($p, 'Illuminate\\Http\\RedirectResponse')) { return $p; } });
Route::post('useraccount/site/{id}', array('before' => 'loginCheck', 'uses' => 'UserAccountController@userSiteEdit')); //用户收货地址编辑&新增接口 Route::get('useraccount/sitedelete/{id}', array('before' => 'loginCheck', 'uses' => 'UserAccountController@siteDelete')); //用户收货地址删除接口 Route::post('/change_user_name', array('before' => 'loginCheck', 'uses' => 'UserAccountController@nickNameChange')); //用户昵称修改接口 Route::get('useraccount/password_change', array('before' => 'loginCheck', 'uses' => 'UserAccountController@passwordChange')); //用户修改登录密码页面 Route::post('useraccount/password_change', array('before' => 'loginCheck', 'uses' => 'UserAccountController@passwordChange')); //用户修改登录密码接口 Route::get('useraccount/personal_secure', array('before' => 'loginCheck', 'uses' => 'UserAccountController@userSecurity')); //用户安全设置页面 #登录验证 Route::filter('loginCheck', function () { if (!Auth::check()) { return Redirect::to('login'); } }); # 主页 Route::get('/', 'MainController@index'); Route::post('/', function () { }); // 首页的一个post请求 Route::post('cancelshop', array('before' => 'loginCheck', 'uses' => 'MainController@cancelShop')); // 取消收藏店铺 Route::post('collectshop', array('before' => 'loginCheck', 'uses' => 'MainController@collectShop')); // 收藏某个店铺 Route::post('collectlist', array('before' => 'loginCheck', 'uses' => 'MainController@collectList')); // 批量收藏功能 #搜索 Route::post('userBarSearch', 'SearchController@mainSearch');
| */ Route::filter('csrf', function () { if (Session::token() != Input::get('_token')) { throw new Illuminate\Session\TokenMismatchException(); } }); /* |-------------------------------------------------------------------------- | Resource-based Permissions |-------------------------------------------------------------------------- | | Checks if the logged in user can perform the requested action on the | requested resource item. | Gets resource type (e.g. User) action (e.g. delete) and item id from request. | */ Route::filter('permission', function ($route, $request) { // convert dotted route name into array $routeName = explode('.', $route->getName()); // take the last part as the action $action = array_pop($routeName); // get the resource name (without action) $resource = implode('.', $routeName); // get resource ids as array $parameters = $route->parameters(); // test if current user has permission to perform {action} on {resource} with {parameters} if (Authority::cannot($action, $resource, $parameters)) { return App::abort(403); } });
| Guest Filter |-------------------------------------------------------------------------- | | The "guest" filter is the counterpart of the authentication filters as | it simply checks that the current user is not logged in. A redirect | response will be issued if they are, which you may freely change. | */ Route::filter('guest', function () { if (Auth::check()) { return Redirect::to('/'); } }); /* |-------------------------------------------------------------------------- | CSRF Protection Filter |-------------------------------------------------------------------------- | | The CSRF filter is responsible for protecting your application against | cross-site request forgery attacks. If this special token in a user | session does not match the one given in this request, we'll bail. | */ Route::filter('csrf', function () { if (Session::token() != Input::get('_token')) { throw new Illuminate\Session\TokenMismatchException(); } }); if (Config::get('blade-cache-filter::bladeCacheExpiry') > 0) { Route::filter('cache', 'BladeCacheFilter'); }
| Router::register('GET /', array('before' => 'filter', function() | { | return 'Hello World!'; | })); | */ Route::filter('before', function () { // Do stuff before every request to your application... }); Route::filter('after', function ($response) { // Do stuff after every request to your application... }); Route::filter('csrf', function () { if (Request::forged()) { return Response::error('500'); } }); Route::filter('auth', function () { if (Auth::guest()) { return Redirect::to('login'); } }); Route::filter('authAdmin', function () { if (Auth::guest()) { return Redirect::to('login'); } else { if (!Session::get('isAdmin')) { return Redirect::to('home'); } } });
}); /* |-------------------------------------------------------------------------- | Guest Filter |-------------------------------------------------------------------------- | | The "guest" filter is the counterpart of the authentication filters as | it simply checks that the current user is not logged in. A redirect | response will be issued if they are, which you may freely change. | */ Route::filter('guest', function () { if (Auth::check()) { return Redirect::to('/'); } }); /* |-------------------------------------------------------------------------- | CSRF Protection Filter |-------------------------------------------------------------------------- | | The CSRF filter is responsible for protecting your application against | cross-site request forgery attacks. If this special token in a user | session does not match the one given in this request, we'll bail. | */ Route::filter('csrf', function () { if (Session::token() !== Input::get('_token')) { throw new Illuminate\Session\TokenMismatchException(); } });
return Auth::basic(); }); Route::filter('guest', function () { if (Auth::check()) { return Redirect::to('user/login/'); } }); Entrust::routeNeedsRole('admin*', array('admin'), Redirect::to('/nopermission')); Entrust::routeNeedsPermission('admin/slugs*', 'manage_blogs', Redirect::to('/admin')); Entrust::routeNeedsPermission('admin/comments*', 'manage_comments', Redirect::to('/admin')); Entrust::routeNeedsPermission('admin/users*', 'manage_users', Redirect::to('/admin')); Entrust::routeNeedsPermission('admin/roles*', 'manage_roles', Redirect::to('/admin')); Entrust::routeNeedsPermission('admin/settings*', 'manage_settings', Redirect::to('/admin')); Entrust::routeNeedsPermission('admin/search*', 'site_search', Redirect::to('/admin')); Entrust::routeNeedsPermission('admin/todos*', 'manage_todos', Redirect::to('/admin')); Route::filter('csrf', function () { if (Session::getToken() != Input::get('csrf_token') && Session::getToken() != Input::get('_token')) { return Redirect::to('invalidtoken'); } }); Route::filter('detectLang', function ($route, $request, $lang = 'auto') { if ($lang != "auto" && in_array($lang, Config::get('app.available_language'))) { Config::set('app.locale', $lang); } else { $browser_lang = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtok(strip_tags($_SERVER['HTTP_ACCEPT_LANGUAGE']), ',') : ''; $browser_lang = substr($browser_lang, 0, 2); $userLang = in_array($browser_lang, Config::get('app.available_language')) ? $browser_lang : Config::get('app.locale'); Config::set('app.locale', $userLang); App::setLocale($userLang); } });
$cachedResponse = Cache::get(md5(URI::full())); if ($cachedResponse && Config::get('cache.timeout')) { return $cachedResponse; } }); // Prepara la respuesta antes de ser enviada Route::filter('prepareResponse', function ($response) { $cache_timeout = Config::get('cache.timeout'); if ($cache_timeout) { $response->header('cache-control', 'max-age=' . $cache_timeout * 60 . ', public'); } else { $response->header('cache-control', 'public'); } if (gettype($response->content) != 'array') { // TODO: Implementar distintas formas de retornar la data $response->header('Content-Type', 'application/json'); $response->content = Apihelper::wrapCallback(json_encode(array('error' => true, 'message' => $response->content))); } else { $response->header('Content-Type', 'application/json'); $response->content = Apihelper::wrapCallback(json_encode($response->content)); } }); // Agrega la respuesta al cache Route::filter('cacheResponse', function ($response) { $cache_timeout = Config::get('cache.timeout'); if ($cache_timeout) { if (!Cache::get(md5(URI::full()))) { Cache::put(md5(URI::full()), $response, $cache_timeout); } } });
<?php /* |-------------------------------------------------------------------------- | Application Routes |-------------------------------------------------------------------------- | | Here is where you can register all of the routes for an application. | It's a breeze. Simply tell Laravel the URIs it should respond to | and give it the Closure to execute when that URI is requested. | */ Route::filter('https_redirect', function () { if ($_SERVER['REQUEST_SCHEME'] != 'http') { header("Location:http://www.baidu.com"); } }); Route::filter('filter_test', function () { }); Route::group(array('before' => 'https_redirect'), function () { Route::any('roget/test', function () { echo 'roget.test'; }); Route::group(array('before' => 'filter_test'), function () { Route::any('roget/test/index', 'RogetController@index'); Route::any('roget/test1', function () { return 'roget.test1'; }); }); });