rodrigopedra · March 26, 2015 13:23
diff --git a/README b/README
 This is an adaption of the ACL strategy described here: [ http://ollieread.com/blog/2014/03/18/a-simplified-laravel-acl/ ] for Laravel 5.

 ##angular.js

 In order to the `$request->ajax();` method work properly with angular.js, you must set the `X-Requested-With` header to `XMLHttpRequest` on every ajax requests.

 This can be done on the configuration phase of your app, like so:

    // change 'app' to your module's name
    angular.module('app').config( ['$httpProvider', function ( $httpProvider) {
        // sets the X-Request-With to be sent on every ajax request with a value of XMLHttpRequest
        $httpProvider.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
    } ] );
diff --git a/AclPermitted.php b/AclPermitted.php
 <?php namespace App\Services;

 use App\User;

 class AclPermitted
 {
    public static function verify( $permission )
    {
        /** @var User $user */
        $user = app( 'auth' )->user();

        $user->load( 'groups', 'groups.permissions' );

        foreach ( $user->groups as $group )
        {
            if ( $group->permissions->contains( $permission ) )
            {
                return TRUE;
            }
        }

        return FALSE;
    }
 }
diff --git a/AclPermittedMiddleware.php b/AclPermittedMiddleware.php
 <?php namespace App\Http\Middleware;

 use Closure;
 use Illuminate\Contracts\Routing\Middleware;

 use App\Services\AclPermitted;

 class AclPermittedMiddleware implements Middleware
 {
    public function handle( $request, Closure $next )
    {
        $route     = $request->route();
        $permitted = AclPermitted::verify( $route->getName() );

        if ( !$permitted )
        {
            if ( $request->ajax() )
            {
                return response()->make( 'Forbidden.', 403 );
            }
            else
            {
                return redirect()->back()->withErrors( 'Not authorized.' );
            }
        }

        return $next( $request );
    }
 }
diff --git a/Kernel.php b/Kernel.php
 <?php namespace App\Http;

 use Illuminate\Foundation\Http\Kernel as HttpKernel;

 class Kernel extends HttpKernel {

 	/**
 	 * The application's global HTTP middleware stack.
 	 *
 	 * @var array
 	 */
 	protected $middleware = [
 		'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
 		'Illuminate\Cookie\Middleware\EncryptCookies',
 		'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
 		'Illuminate\Session\Middleware\StartSession',
 		'Illuminate\View\Middleware\ShareErrorsFromSession',
 		'App\Http\Middleware\VerifyCsrfToken',
 	];

 	/**
 	 * The application's route middleware.
 	 *
 	 * @var array
 	 */
 	protected $routeMiddleware = [
 		'auth' => 'App\Http\Middleware\Authenticate',
 		'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
 		'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
 		'acl.permitted'  => 'App\Http\Middleware\AclPermittedMiddleware', // register an alias to our middleware
 	];

 }
diff --git a/routes.php b/routes.php
 <?php

 // sample usage

 $router->get('api/articles', [
 	'uses' => 'Api\ArticleController@index',
 	'as' => 'articles.index',
 	'middleware' => ['auth', 'acl.permitted'],
 ]);
	This is an adaption of the ACL strategy described here: [ http://ollieread.com/blog/2014/03/18/a-simplified-laravel-acl/ ] for Laravel 5.

	##angular.js

	In order to the `$request->ajax();` method work properly with angular.js, you must set the `X-Requested-With` header to `XMLHttpRequest` on every ajax requests.

	This can be done on the configuration phase of your app, like so:

	// change 'app' to your module's name
	angular.module('app').config( ['$httpProvider', function ( $httpProvider) {
	// sets the X-Request-With to be sent on every ajax request with a value of XMLHttpRequest
	$httpProvider.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
	} ] );
	<?php namespace App\Services;

	use App\User;

	class AclPermitted
	{
	public static function verify( $permission )
	{
	/** @var User $user */
	$user = app( 'auth' )->user();

	$user->load( 'groups', 'groups.permissions' );

	foreach ( $user->groups as $group )
	{
	if ( $group->permissions->contains( $permission ) )
	{
	return TRUE;
	}
	}

	return FALSE;
	}
	}
	<?php namespace App\Http\Middleware;

	use Closure;
	use Illuminate\Contracts\Routing\Middleware;

	use App\Services\AclPermitted;

	class AclPermittedMiddleware implements Middleware
	{
	public function handle( $request, Closure $next )
	{
	$route = $request->route();
	$permitted = AclPermitted::verify( $route->getName() );

	if ( !$permitted )
	{
	if ( $request->ajax() )
	{
	return response()->make( 'Forbidden.', 403 );
	}
	else
	{
	return redirect()->back()->withErrors( 'Not authorized.' );
	}
	}

	return $next( $request );
	}
	}
	<?php namespace App\Http;

	use Illuminate\Foundation\Http\Kernel as HttpKernel;

	class Kernel extends HttpKernel {

	/**
	* The application's global HTTP middleware stack.
	*
	* @var array
	*/
	protected $middleware = [
	'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
	'Illuminate\Cookie\Middleware\EncryptCookies',
	'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
	'Illuminate\Session\Middleware\StartSession',
	'Illuminate\View\Middleware\ShareErrorsFromSession',
	'App\Http\Middleware\VerifyCsrfToken',
	];

	/**
	* The application's route middleware.
	*
	* @var array
	*/
	protected $routeMiddleware = [
	'auth' => 'App\Http\Middleware\Authenticate',
	'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
	'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
	'acl.permitted' => 'App\Http\Middleware\AclPermittedMiddleware', // register an alias to our middleware
	];

	}
	<?php

	// sample usage

	$router->get('api/articles', [
	'uses' => 'Api\ArticleController@index',
	'as' => 'articles.index',
	'middleware' => ['auth', 'acl.permitted'],
	]);