/** * this method to verify permission api * @param stirng $method [description] * @param stirng $permission [description] */ public function authorize($permission) { if (empty($this->tempStorage->get('id_company'))) { $this->invalidateToken(); throw $this->response->error('Un Authorized, Please Re-Login', 401); } $user = JWTAuth::parseToken()->authenticate(); $permission = Permission::where('name', $permission)->select('id')->first(); if (count($permission) == 0) { throw $this->response->error('No Permission', 404); } //set dynamic url or static url controller if (empty($this->url)) { $arrUrl = explode('/', Input::path()); array_shift($arrUrl); $url = '/' . $arrUrl['0'] . '/' . $arrUrl['1']; $menu = Menu::where('url', $url)->select('id')->first(); if (count($menu) == 0) { throw $this->response->error('No Menu ' . $url, 404); } $rolePermission = RolePermission::where('id_role', $user->id_role)->where('id_permission', $permission->id)->where('id_menu', $menu->id)->get(); if (count($rolePermission) == 0) { throw $this->response->error('Unauthorized action page', 404); } } else { $url = $this->url; $menu = Menu::where('url', $url)->select('id')->first(); if (count($menu) == 0) { throw $this->response->error('No Menu ' . $url, 404); } } }