/** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $userId = Authorizer::getResourceOwnerId(); $projectId = $request->project; if ($this->repository->isOwner($projectId, $userId) == false) { return ['error' => 'Access forbidden']; } return $next($request); }
/** * @param $projectId * @return array */ private function checkProjectOwner($projectId) { $userId = Authorizer::getResourceOwnerId(); return $this->repository->isOwner($projectId, $userId); }