public function __construct(WestcottInterface $api){ | |
//Before filters | |
$this->beforeFilter('check_roles', array('except' => array('getLogin','postLogin','getLogout'))); | |
$this->beforeFilter('csrf', array('on' => 'post')); |
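/*
 * Route filter 'check_roles': authorises the current request against the
 * permissions of the authenticated user's groups, fetched from the Westcott API.
 *
 * Returns nothing (null) when the user holds an *active* permission whose
 * action matches the first two path segments of the request; otherwise returns
 * a redirect carrying a 'message' flash value. With no authenticated user the
 * filter aborts with 401 rather than dereferencing null.
 */
Route::filter('check_roles', function () {
    // Normalise the request to "<segment1>/<segment2>/" so it can be compared
    // with the action strings stored for each permission (e.g. "admin/index/").
    // parse_url() strips the query string; the raw REQUEST_URI keeps it, so a
    // request such as "/admin/index?page=2" would never match a stored action.
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $path = (string) parse_url($requestUri, PHP_URL_PATH);
    $sections = explode('/', $path);
    // $sections[0] is the empty string before the leading slash; a missing
    // segment becomes '' instead of raising an undefined-offset notice, and the
    // resulting action simply fails to match (access stays denied).
    $first = isset($sections[1]) ? $sections[1] : '';
    $second = isset($sections[2]) ? $sections[2] : '';
    $action = trim($first . '/' . $second . '/');

    $user = Auth::user();
    if ($user === null) {
        // Fail closed: no user means no groups to check. The controller excludes
        // the login/logout actions from this filter, so this is only reached for
        // protected routes without an authenticated session.
        App::abort(401);
    }

    $api = new Westcott(new OAuth2());
    $api->init('client_credentials');

    $access = false;   // some group holds a permission whose action matches the route
    $active = false;   // ...and that permission is enabled (pivot active flag) for the group
    $isAdmin = false;  // some group holds the admin/index permission (enabled or not)
    $adminAction = 'admin/index/';

    foreach ($user->groups as $group) {
        $permissions = $api->get('group/' . $group->id);
        if (!isset($permissions->permissions)) {
            // Nothing usable came back for this group; treat it as granting nothing
            // rather than iterating a null and emitting a warning.
            continue;
        }
        foreach ($permissions->permissions as $permission) {
            if ($permission->action === $action) {
                $access = true;
                // NOTE(review): the active flag is compared as the string '1'; if the
                // API ever returns an integer 1 this would never count as active —
                // confirm against the API's representation.
                if (isset($permission->pivot->active) && $permission->pivot->active === '1') {
                    $active = true;
                }
            }
            if ($permission->action === $adminAction) {
                $isAdmin = true;
            }
        }
    }

    if ($access && $active) {
        // Permission found and enabled: let the request proceed.
        return;
    }

    // Denied: send the user back to their landing page. NOTE(review): if that
    // landing page is itself guarded by this filter and the user lacks
    // permission for it, the redirect repeats — verify those routes are
    // always permitted.
    $destination = $isAdmin ? '/admin/index' : '/index';
    $message = $access
        ? 'This permission has been disabled in your account. If you believe this was in error, please contact <a href="mailto:[email protected]?subject=Account Disabled">[email protected]</a>'
        : 'You do not have the proper clearence to access this resource.';

    return Redirect::to($destination)->with('message', $message);
});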