/** * Run the request filter. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @param string|null $permission * @return mixed */ public function handle($request, \Closure $next, $permission = null) { $route = $request->route(); if (empty($permission)) { $permissions = $this->resolvePermissions($route); } else { $permissions = [$permission]; } foreach ($permissions as $permission) { if (!Auth::check() || !$this->manager->checkAccess(Auth::user(), $permission, $route->parameters())) { throw new AccessDeniedHttpException(); } } return $next($request); }
public function allowed($itemName, $params = []) { return Rbac::checkAccess($this, $itemName, $params); }