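/**
 * Generate a new API key for a user, then redirect back to the previous page.
 *
 * Only an administrator or the user who owns the key may trigger generation.
 * Any other caller is redirected back without a flash message.
 *
 * NOTE(review): this action replaces a credential. Confirm the route is only
 * reachable through a state-changing verb with CSRF protection, and consider
 * writing an audit log entry for both granted and denied attempts.
 *
 * @param Request $request the current request; its authenticated user is the actor
 * @param mixed   $userId  identifier of the user whose API key is generated
 * @return mixed the redirect-back response
 */
public function generateApiKey(Request $request, $userId)
{
    $actor = $request->user();

    // No authenticated user: treat exactly like any other unauthorized caller
    // instead of failing on a method call on null.
    if ($actor === null) {
        return redirect()->back();
    }

    // Compare the string forms. A route parameter presumably arrives as a
    // string while the model key may be an int, in which case a strict `===`
    // on the raw values never matches for the owner. Casting both sides keeps
    // the comparison strict without the surprises of loose `==`.
    $isOwner = (string) $actor->id === (string) $userId;

    if ($actor->isAdmin() || $isOwner) {
        $user = User::find($userId);

        // find() yields null for an unknown id; stop here rather than calling
        // generateApiKey() on null. Only an already-authorized caller reaches
        // this point, so the 404 does not help anyone probe for valid ids.
        if ($user === null) {
            abort(404, 'User not found');
        }

        $user->generateApiKey();
        Flash::success('APIKey generated!');
    }

    return redirect()->back();
}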
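/**
 * Authorization filter intended to be attached to every route.
 *
 * Asks the gate whether the authenticated user may perform $action on the
 * resource named inside the action string, and aborts the request when the
 * answer is no.
 *
 * Outcomes:
 *  - logged-in user, non-empty action: gate check; 403 when the check fails
 *    or the action carries no resource segment
 *  - anonymous user, empty action: allowed, and logged
 *  - every other combination: 401
 *
 * @param Request $request the request object
 * @param string  $action  the action mapping of the action performed; it is
 *                         split on '-' and the second segment is used as the
 *                         resource (for a complete list see AuthServiceProvider)
 * @see AuthServiceProvider
 * @throws \Symfony\Component\HttpKernel\Exception\HttpException via abort()
 *         when the request is rejected
 *
 * NOTE(review): earlier documentation listed ClassNotFoundException for a
 * malformed $action; nothing in this method throws it directly, so it would
 * have to come from gate/policy resolution. Confirm.
 *
 * TODO: add an after plugin action to allow plugin owners add and authorize their own resources
 */
private function authorize(Request $request, string $action)
{
    $user = Auth::user();

    if ($user !== null && $action !== '') {
        $segments = explode('-', $action);
        $resource = $segments[1] ?? '';

        // Fail closed when the action has no resource segment, rather than
        // handing an undefined offset or the whole array to the gate.
        if ($resource === '') {
            Log::info("Malformed action {$action}: no resource segment");
            abort(403, "Unauthorized action");
        }

        // Default the target id to the acting user when the request has none.
        // NOTE(review): a client-supplied `id` is kept as-is here; policies
        // that read it must verify ownership themselves. Confirm.
        if (!isset($request->id)) {
            $request->id = $user->id;
        }

        // The result of can() was previously discarded (empty if-body), so
        // every logged-in user passed every check. Enforce it.
        if (!$request->user()->can($action, $resource)) {
            Log::info("User {$user->id} was denied {$action}");
            abort(403, "Unauthorized action");
        }
    } elseif ($user === null && $action === '') {
        Log::info("Non logged in user tried to access no-action(allowed by default)");
    } elseif ($user === null) {
        Log::info("Non-logged in user tried to perform {$action}");
        abort(401, "Unauthorized action");
    } else {
        // Logged-in user with an empty action. This case used to share the
        // anonymous branch and its log line, which mislabelled the actor.
        // NOTE(review): it is still rejected, although an anonymous request
        // with no action is allowed. Confirm which behaviour is intended.
        Log::info("Logged-in user {$user->id} reached authorize() with an empty action");
        abort(401, "Unauthorized action");
    }
}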