|
|
|
@ -8,6 +8,8 @@ use Symfony\Component\HttpFoundation\Response;
|
|
|
|
|
|
|
|
|
|
class Acl
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
private $excepts = ['ckeditor', 'home'];
|
|
|
|
|
/**
|
|
|
|
|
* Handle an incoming request.
|
|
|
|
|
*
|
|
|
|
@ -15,6 +17,31 @@ class Acl
|
|
|
|
|
*/
|
|
|
|
|
public function handle(Request $request, Closure $next): Response
|
|
|
|
|
{
|
|
|
|
|
$route = \Route::getCurrentRoute();
|
|
|
|
|
// check admin page & user is not super admin
|
|
|
|
|
if (auth()->check() && isset($route->action['as'])) {
|
|
|
|
|
// explode user request to process
|
|
|
|
|
$requestPath = explode('.', $route->action['as']);
|
|
|
|
|
// ignore admin and not admin page
|
|
|
|
|
if ($requestPath[0] == 'admin' && !auth()->user()->hasRole('developer') && !auth()->user()->hasRole('admin')) {
|
|
|
|
|
// check excpet and has 3 routes and has user acceess
|
|
|
|
|
if (!in_array($requestPath[1], $this->excepts) &&
|
|
|
|
|
isset($requestPath[2]) &&
|
|
|
|
|
!auth()->user()->hasAccess($route->action['as'])) {
|
|
|
|
|
return abort(403, __("You dont't have acccess this action"));
|
|
|
|
|
}
|
|
|
|
|
// check delete or destroy with bulk action
|
|
|
|
|
if (isset($requestPath[2]) && $requestPath[2] == 'bulk' && $request->input('bulk') == 'delete') {
|
|
|
|
|
$requestPath[2] = 'delete';
|
|
|
|
|
if (!auth()->user()->hasAccess(implode('.', $requestPath))) {
|
|
|
|
|
$requestPath[2] = 'destroy';
|
|
|
|
|
if (!auth()->user()->hasAccess(implode('.', $requestPath))) {
|
|
|
|
|
return abort(403, __("You dont't have acccess this action"));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $next($request);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|