diff --git a/backend/app/Http/Middleware/Auth0Middleware.php b/backend/app/Http/Middleware/Auth0Middleware.php index 5744dd9..2a9ba50 100644 --- a/backend/app/Http/Middleware/Auth0Middleware.php +++ b/backend/app/Http/Middleware/Auth0Middleware.php @@ -17,12 +17,20 @@ class Auth0Middleware { $token = $request->bearerToken(); if (!$token) { + Log::warning('Se intento acceder a una ruta protegida sin un token', [ + 'path' => $request->getPathInfo() + ]); return response()->json(['error' => 'no_token', 'message' => 'No se envĂ­o el token'], 401); } try { $validated = $this->validateToken($token); } catch (InvalidTokenException $e) { + Log::warning('Se intento acceder a una ruta protegida con un token invalido', [ + 'path' => $request->getPathInfo(), + 'message' => $e->getMessage(), + 'token' => $token + ]); return response()->json([ 'error' => 'auth0_invalid_token', 'message' => $e->getMessage() @@ -30,6 +38,7 @@ class Auth0Middleware { } $user = Usuario::where('auth0_id', $validated['sub'])->first(); + Log::debug('Se identifico al usuario', ['id' => $user->id, 'auth0_id' => $user->auth0_id]); return $next($request->merge(['user' => $user])); } diff --git a/backend/app/Http/Middleware/Authenticate.php b/backend/app/Http/Middleware/Authenticate.php deleted file mode 100644 index 4a88761..0000000 --- a/backend/app/Http/Middleware/Authenticate.php +++ /dev/null @@ -1,22 +0,0 @@ -auth = $auth; - } - - public function handle($request, Closure $next, $guard = null) { - if ($this->auth->guard($guard)->guest()) { - return response('Unauthorized.', 401); - } - - return $next($request); - } -} diff --git a/backend/app/Http/Middleware/CorsMiddleware.php b/backend/app/Http/Middleware/CorsMiddleware.php index 58a9a99..2722a8d 100644 --- a/backend/app/Http/Middleware/CorsMiddleware.php +++ b/backend/app/Http/Middleware/CorsMiddleware.php @@ -14,15 +14,13 @@ class CorsMiddleware { 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With' ]; - if ($request->isMethod('OPTIONS')) - { + if ($request->isMethod('OPTIONS')) { return response()->json([], 200, $headers); } $response = $next($request); - foreach($headers as $key => $value) - { + foreach($headers as $key => $value) { $response->header($key, $value); } diff --git a/backend/app/Http/Middleware/InRestauranteMiddleware.php b/backend/app/Http/Middleware/InRestauranteMiddleware.php new file mode 100644 index 0000000..196866d --- /dev/null +++ b/backend/app/Http/Middleware/InRestauranteMiddleware.php @@ -0,0 +1,31 @@ +route('restaurante_id')); + $user = $request->user; + + + if(!$user->isOnRestaurante($restaurante)) { + Log::debug('El usuario intento acceder a un restaurante que no le pertenece', [ + 'user' => $user->id, + 'restaurante' => $restaurante->id + ]); + throw new ModelNotFoundException('restaurante', $restaurante->id); + } else { + Log::debug('El usuario accedio a un restaurante que si le pertenece', [ + 'user' => $user->id, + 'restaurante' => $restaurante->id + ]); + } + + return $next($request); + } +} diff --git a/backend/app/Http/Middleware/LogEndpointHitMiddleware.php b/backend/app/Http/Middleware/LogEndpointHitMiddleware.php index 47eac84..4b152f4 100644 --- a/backend/app/Http/Middleware/LogEndpointHitMiddleware.php +++ b/backend/app/Http/Middleware/LogEndpointHitMiddleware.php @@ -7,17 +7,16 @@ use Illuminate\Support\Facades\Log; class LogEndpointHitMiddleware { public function handle($request, Closure $next) { - $userId = $request->user ? $request->user->id : null; + $user = $request->user; $method = $request->getMethod(); $path = $request->getPathInfo(); - Log::debug('User ' . $userId . ' hitting ' . $method . ' ' . $path . ' endpoint', [ - 'user' => $userId, + Log::debug('User ' . $user->id . ' hitting ' . $method . ' ' . $path . ' endpoint', [ + 'user' => $user->id, + 'roles' => implode('|', $user->roles), 'method' => $method, 'path' => $path, - 'input' => array_filter($request->input(), function ($key) { - return $key !== 'user'; - }, ARRAY_FILTER_USE_KEY) + 'input' => array_filter($request->input(), function ($key) { return $key !== 'user'; }, ARRAY_FILTER_USE_KEY) ]); return $next($request); diff --git a/backend/app/Http/Middleware/RoleMiddleware.php b/backend/app/Http/Middleware/RoleMiddleware.php index 7bf4643..d9787f8 100644 --- a/backend/app/Http/Middleware/RoleMiddleware.php +++ b/backend/app/Http/Middleware/RoleMiddleware.php @@ -3,6 +3,7 @@ namespace App\Http\Middleware; use Closure; +use Illuminate\Support\Facades\Log; use App\Exceptions\NotAuthorizedException; class RoleMiddleware { @@ -16,6 +17,11 @@ class RoleMiddleware { } if(!$has_permission) { + Log::warning('El usuario intento acceder a una ruta sin los roles necesarios', [ + 'user' => $user->id, + 'required_roles' => $raw_roles, + 'user_roles' => implode('|', $user->roles) + ]); throw new NotAuthorizedException($request->user); } diff --git a/backend/app/Models/Usuario.php b/backend/app/Models/Usuario.php index caea07d..01a4d22 100644 --- a/backend/app/Models/Usuario.php +++ b/backend/app/Models/Usuario.php @@ -43,6 +43,10 @@ class Usuario extends Model { return in_array($role, $this->roles); } + public function isOnRestaurante($restaurante) { + return $this->restaurantes()->where('id', $restaurante->id)->count() > 0; + } + public function restaurantes() { return $this->belongsToMany(Restaurante::class, 'usuarios_restaurantes', 'usuario_id', 'restaurante_id'); } diff --git a/backend/bootstrap/app.php b/backend/bootstrap/app.php index 9636337..7d54447 100644 --- a/backend/bootstrap/app.php +++ b/backend/bootstrap/app.php @@ -77,7 +77,8 @@ $app->configure('logging'); $app->routeMiddleware([ 'auth' => App\Http\Middleware\Auth0Middleware::class, 'log_endpoint' => App\Http\Middleware\LogEndpointHitMiddleware::class, - 'role' => App\Http\Middleware\RoleMiddleware::class + 'role' => App\Http\Middleware\RoleMiddleware::class, + 'in_restaurante' => App\Http\Middleware\InRestauranteMiddleware::class ]); $app->middleware([ diff --git a/backend/routes/web.php b/backend/routes/web.php index 628c191..c52b711 100644 --- a/backend/routes/web.php +++ b/backend/routes/web.php @@ -9,11 +9,11 @@ $router->get('/', function () use ($router) { $router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'log_endpoint']], function () use ($router) { $router->group(['prefix' => '/users'], function () use ($router) { $router->get( '/', ['as' => 'users.all', 'uses' => 'UsuariosController@all', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/me', ['as' => 'users.get_me', 'uses' => 'UsuariosController@getMe']); $router->get( '/{id}', ['as' => 'users.get', 'uses' => 'UsuariosController@get', 'middleware' => ['role:admin|global_admin']]); $router->post( '/', ['as' => 'users.create', 'uses' => 'UsuariosController@create', 'middleware' => ['role:admin|global_admin']]); $router->put( '/{id}', ['as' => 'users.update', 'uses' => 'UsuariosController@update', 'middleware' => ['role:admin|global_admin']]); $router->delete('/{id}', ['as' => 'users.delete', 'uses' => 'UsuariosController@delete', 'middleware' => ['role:admin|global_admin']]); - $router->get( '/me', ['as' => 'users.get_me', 'uses' => 'UsuariosController@getMe']); $router->get( '/{id}/restaurantes/', ['as' => 'users.get_restaurantes', 'uses' => 'UsuariosController@getRestaurantes', 'middleware' => ['role:admin|global_admin']]); $router->put( '/{id}/restaurantes/{restaurant}', ['as' => 'users.add_to_restaurant', 'uses' => 'UsuariosController@addToRestaurant', 'middleware' => ['role:admin|global_admin']]); $router->delete('/{id}/restaurantes/{restaurant}', ['as' => 'users.remove_from_restaurant', 'uses' => 'UsuariosController@removeFromRestaurant', 'middleware' => ['role:admin|global_admin']]); @@ -26,67 +26,67 @@ $router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'log_endpoint']], $router->put( '/{id}', ['as' => 'restaurant.update', 'uses' => 'RestaurantesController@update', 'middleware' => ['role:global_admin']]); $router->delete('/{id}', ['as' => 'restaurant.delete', 'uses' => 'RestaurantesController@delete', 'middleware' => ['role:global_admin']]); - $router->get( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.all', 'uses' => 'CanalesVentaController@all']); - $router->get( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.get', 'uses' => 'CanalesVentaController@get']); - $router->post( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.create', 'uses' => 'CanalesVentaController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.update', 'uses' => 'CanalesVentaController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.delete', 'uses' => 'CanalesVentaController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.all', 'uses' => 'CanalesVentaController@all', 'middleware' => ['in_restaurante']]); + $router->get( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.get', 'uses' => 'CanalesVentaController@get', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.create', 'uses' => 'CanalesVentaController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.update', 'uses' => 'CanalesVentaController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.delete', 'uses' => 'CanalesVentaController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/sectores', ['as' => 'sectores.all', 'uses' => 'SectoresController@all']); - $router->get( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.get', 'uses' => 'SectoresController@get']); - $router->post( '/{restaurante_id}/sectores', ['as' => 'sectores.create', 'uses' => 'SectoresController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.update', 'uses' => 'SectoresController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/sectores/{id}', ['as' => 'sectores.delete', 'uses' => 'SectoresController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/sectores', ['as' => 'sectores.all', 'uses' => 'SectoresController@all', 'middleware' => ['in_restaurante']); + $router->get( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.get', 'uses' => 'SectoresController@get', 'middleware' => ['in_restaurante']); + $router->post( '/{restaurante_id}/sectores', ['as' => 'sectores.create', 'uses' => 'SectoresController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.update', 'uses' => 'SectoresController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/sectores/{id}', ['as' => 'sectores.delete', 'uses' => 'SectoresController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.all', 'uses' => 'ZonasProduccionController@all']); - $router->get( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.get', 'uses' => 'ZonasProduccionController@get']); - $router->post( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.create', 'uses' => 'ZonasProduccionController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.update', 'uses' => 'ZonasProduccionController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.delete', 'uses' => 'ZonasProduccionController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.all', 'uses' => 'ZonasProduccionController@all', 'middleware' => ['in_restaurante']]); + $router->get( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.get', 'uses' => 'ZonasProduccionController@get', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.create', 'uses' => 'ZonasProduccionController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.update', 'uses' => 'ZonasProduccionController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.delete', 'uses' => 'ZonasProduccionController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/categorias', ['as' => 'categorias.all', 'uses' => 'CategoriasController@all']); - $router->get( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.get', 'uses' => 'CategoriasController@get']); - $router->post( '/{restaurante_id}/categorias', ['as' => 'categorias.create', 'uses' => 'CategoriasController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.update', 'uses' => 'CategoriasController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/categorias/{id}', ['as' => 'categorias.delete', 'uses' => 'CategoriasController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/categorias', ['as' => 'categorias.all', 'uses' => 'CategoriasController@all', 'middleware' => ['in_restaurante']]); + $router->get( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.get', 'uses' => 'CategoriasController@get', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/categorias', ['as' => 'categorias.create', 'uses' => 'CategoriasController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.update', 'uses' => 'CategoriasController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/categorias/{id}', ['as' => 'categorias.delete', 'uses' => 'CategoriasController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/proveedores', ['as' => 'proveedores.all', 'uses' => 'ProveedoresController@all']); - $router->get( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.get', 'uses' => 'ProveedoresController@get']); - $router->post( '/{restaurante_id}/proveedores', ['as' => 'proveedores.create', 'uses' => 'ProveedoresController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.update', 'uses' => 'ProveedoresController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.delete', 'uses' => 'ProveedoresController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/proveedores', ['as' => 'proveedores.all', 'uses' => 'ProveedoresController@all', 'middleware' => ['in_restaurante']]); + $router->get( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.get', 'uses' => 'ProveedoresController@get', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/proveedores', ['as' => 'proveedores.create', 'uses' => 'ProveedoresController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.update', 'uses' => 'ProveedoresController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.delete', 'uses' => 'ProveedoresController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.all', 'uses' => 'IngredientesController@all']); - $router->get( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.get', 'uses' => 'IngredientesController@get']); - $router->post( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.create', 'uses' => 'IngredientesController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.update', 'uses' => 'IngredientesController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.delete', 'uses' => 'IngredientesController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.all', 'uses' => 'IngredientesController@all', 'middleware' => ['in_restaurante']]); + $router->get( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.get', 'uses' => 'IngredientesController@get', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.create', 'uses' => 'IngredientesController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.update', 'uses' => 'IngredientesController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.delete', 'uses' => 'IngredientesController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/productos', ['as' => 'productos.all', 'uses' => 'ProductosController@all']); - $router->get( '/{restaurante_id}/productos/{id}', ['as' => 'productos.get', 'uses' => 'ProductosController@get']); - $router->post( '/{restaurante_id}/productos', ['as' => 'productos.create', 'uses' => 'ProductosController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/productos/{id}', ['as' => 'productos.update', 'uses' => 'ProductosController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/productos/{id}', ['as' => 'productos.delete', 'uses' => 'ProductosController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/productos', ['as' => 'productos.all', 'uses' => 'ProductosController@all', 'middleware' => ['in_restaurante']]); + $router->get( '/{restaurante_id}/productos/{id}', ['as' => 'productos.get', 'uses' => 'ProductosController@get', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/productos', ['as' => 'productos.create', 'uses' => 'ProductosController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/productos/{id}', ['as' => 'productos.update', 'uses' => 'ProductosController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/productos/{id}', ['as' => 'productos.delete', 'uses' => 'ProductosController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/', ['as' => 'productos.receta.all', 'uses' => 'RecetasController@all']); - $router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.get', 'uses' => 'RecetasController@get']); - $router->post( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.add_ingrediente', 'uses' => 'RecetasController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.update_ingrediente', 'uses' => 'RecetasController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.remove_ingrediente', 'uses' => 'RecetasController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/', ['as' => 'productos.receta.all', 'uses' => 'RecetasController@all', 'middleware' => ['in_restaurante']]); + $router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.get', 'uses' => 'RecetasController@get', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.add_ingrediente', 'uses' => 'RecetasController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.update_ingrediente', 'uses' => 'RecetasController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.remove_ingrediente', 'uses' => 'RecetasController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/compras', ['as' => 'compras.all', 'uses' => 'ComprasController@all']); - $router->get( '/{restaurante_id}/compras/{id}', ['as' => 'compras.get', 'uses' => 'ComprasController@get']); - $router->post( '/{restaurante_id}/compras', ['as' => 'compras.create', 'uses' => 'ComprasController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/compras/{id}', ['as' => 'compras.update', 'uses' => 'ComprasController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/compras/{id}', ['as' => 'compras.delete', 'uses' => 'ComprasController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/compras', ['as' => 'compras.all', 'uses' => 'ComprasController@all', 'middleware' => ['in_restaurante']]); + $router->get( '/{restaurante_id}/compras/{id}', ['as' => 'compras.get', 'uses' => 'ComprasController@get', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/compras', ['as' => 'compras.create', 'uses' => 'ComprasController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/compras/{id}', ['as' => 'compras.update', 'uses' => 'ComprasController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/compras/{id}', ['as' => 'compras.delete', 'uses' => 'ComprasController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/compras/{id}/ingredientes', ['as' => 'compras.ingredientes.get', 'uses' => 'ComprasController@getIngredientes']); - $router->post( '/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.add', 'uses' => 'ComprasController@addIngrediente', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.delete', 'uses' => 'ComprasController@deleteIngrediente','middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/compras/{id}/ingredientes', ['as' => 'compras.ingredientes.get', 'uses' => 'ComprasController@getIngredientes', 'middleware' => ['in_restaurante']]); + $router->post( '/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.add', 'uses' => 'ComprasController@addIngrediente', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.delete', 'uses' => 'ComprasController@deleteIngrediente','middleware' => ['role:admin|global_admin', 'in_restaurante']]); - $router->get( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.get', 'uses' => 'FacturasController@get']); - $router->post( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.create', 'uses' => 'FacturasController@create', 'middleware' => ['role:admin|global_admin']]); - $router->put( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.update', 'uses' => 'FacturasController@update', 'middleware' => ['role:admin|global_admin']]); - $router->delete('/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.delete', 'uses' => 'FacturasController@delete', 'middleware' => ['role:admin|global_admin']]); + $router->get( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.get', 'uses' => 'FacturasController@get', 'middleware' => ['in_restaurante']]]); + $router->post( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.create', 'uses' => 'FacturasController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->put( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.update', 'uses' => 'FacturasController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); + $router->delete('/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.delete', 'uses' => 'FacturasController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]); }); });