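/**
 * Allow the current session user through only when they hold one of the two
 * hard-coded privileged role ids (1 or 2).
 *
 * The check fails closed: a session without a user id, a user id that does not
 * resolve to a user record, or any other role id ends in a 403.
 *
 * @return bool True when the session user has role id 1 or 2; otherwise the
 *              request is aborted with HTTP 403.
 */
protected function checkUserAccess()
{
    $currentUserId = Session::get('currentUser');

    // No user id in the session: deny before doing any lookup.
    if ($currentUserId === null) {
        return App::abort(403, 'Access denied');
    }

    $currentUser = User::getCurrentUser($currentUserId);

    // NOTE(review): assumes getCurrentUser() yields null/false for an unknown id - confirm.
    // Without this guard the role_id read below would run on a non-object.
    if (!$currentUser) {
        return App::abort(403, 'Access denied');
    }

    // The decision is made on role_id alone, so the role name is not looked up here.
    // role_id is normalised to a string and compared strictly, so both int 1 and
    // the numeric string '1' match while values such as true or '1.0' do not.
    // NOTE(review): 1 and 2 are magic ids; named constants would make the policy auditable.
    if (in_array((string) $currentUser->role_id, ['1', '2'], true)) {
        return true;
    }

    return App::abort(403, 'Access denied');
}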
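/**
 * Handle an incoming request.
 *
 * Resolves the session user's role name and lets the request continue only when
 * that name is one of the roles the matched route requires. Every other outcome
 * (no session user, unknown user, unknown role, role not listed) is a 403.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // Get the required roles from the route. The cast turns "nothing configured"
    // into an empty list and a single role value into a one-element list, so the
    // membership test below always receives an array.
    $roles = (array) $this->getRequiredRoleForRoute($request->route());

    // NOTE(review): a route with no required roles is denied here (empty list never
    // matches). If such routes are meant to pass through this middleware, make that
    // an explicit, deliberate branch rather than a side effect - confirm intent.

    $currentUserId = Session::get('currentUser');

    // No user id in the session: deny before doing any lookup.
    if ($currentUserId === null) {
        return App::abort(403, 'Access denied');
    }

    $currentUser = User::getCurrentUser($currentUserId);

    // NOTE(review): assumes getCurrentUser() yields null/false for an unknown id - confirm.
    if (!$currentUser) {
        return App::abort(403, 'Access denied');
    }

    $currentRole = Role::getCurrentRole($currentUser->role_id);

    // A role_id that does not resolve to a role must not reach the ->name read.
    // NOTE(review): assumes getCurrentRole() yields null/false when nothing matches - confirm.
    if (!$currentRole) {
        return App::abort(403, 'Access denied');
    }

    // Strict membership: loose comparison in an authorization check lets values of
    // different types compare equal (e.g. a numeric string against an int).
    if (in_array($currentRole->name, $roles, true)) {
        return $next($request);
    }

    return App::abort(403, 'Access denied');
}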