skrd/unified-restaurant-original
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Middleware se encarga de validar que usuario pertenezca al restaurant

Browse Source
This commit is contained in:
Daniel Cortés
2021-07-20 02:03:29 -04:00
parent 3534fdd02a
commit 6a7e08478f
9 changed files with 112 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
backend/app/Http/Middleware/Auth0Middleware.php
View File

@@ -17,12 +17,20 @@ class Auth0Middleware {
$token = $request->bearerToken();
if (!$token) {
Log::warning('Se intento acceder a una ruta protegida sin un token', [
'path' => $request->getPathInfo()
]);
return response()->json(['error' => 'no_token', 'message' => 'No se envío el token'], 401);
}
try {
$validated = $this->validateToken($token);
} catch (InvalidTokenException $e) {
Log::warning('Se intento acceder a una ruta protegida con un token invalido', [
'path' => $request->getPathInfo(),
'message' => $e->getMessage(),
'token' => $token
]);
return response()->json([
'error' => 'auth0_invalid_token',
'message' => $e->getMessage()
@@ -30,6 +38,7 @@ class Auth0Middleware {
}
$user = Usuario::where('auth0_id', $validated['sub'])->first();
Log::debug('Se identifico al usuario', ['id' => $user->id, 'auth0_id' => $user->auth0_id]);
return $next($request->merge(['user' => $user]));
}

22
backend/app/Http/Middleware/Authenticate.php
View File

@@ -1,22 +0,0 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;
class Authenticate {
protected $auth;
public function __construct(Auth $auth) {
$this->auth = $auth;
}
public function handle($request, Closure $next, $guard = null) {
if ($this->auth->guard($guard)->guest()) {
return response('Unauthorized.', 401);
}
return $next($request);
}
}

6
backend/app/Http/Middleware/CorsMiddleware.php
View File

@@ -14,15 +14,13 @@ class CorsMiddleware {
'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With'
];
if ($request->isMethod('OPTIONS'))
{
if ($request->isMethod('OPTIONS')) {
return response()->json([], 200, $headers);
}
$response = $next($request);
foreach($headers as $key => $value)
{
foreach($headers as $key => $value) {
$response->header($key, $value);
}

31
backend/app/Http/Middleware/InRestauranteMiddleware.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Log;
use App\Exceptions\ModelNotFoundException;
use App\Models\Restaurante;
class InRestauranteMiddleware {
public function handle($request, Closure $next) {
$restaurante = Restaurante::findOrFail($request->route('restaurante_id'));
$user = $request->user;
if(!$user->isOnRestaurante($restaurante)) {
Log::debug('El usuario intento acceder a un restaurante que no le pertenece', [
'user' => $user->id,
'restaurante' => $restaurante->id
]);
throw new ModelNotFoundException('restaurante', $restaurante->id);
} else {
Log::debug('El usuario accedio a un restaurante que si le pertenece', [
'user' => $user->id,
'restaurante' => $restaurante->id
]);
}
return $next($request);
}
}

11
backend/app/Http/Middleware/LogEndpointHitMiddleware.php
View File

@@ -7,17 +7,16 @@ use Illuminate\Support\Facades\Log;
class LogEndpointHitMiddleware {
public function handle($request, Closure $next) {
$userId = $request->user ? $request->user->id : null;
$user = $request->user;
$method = $request->getMethod();
$path = $request->getPathInfo();
Log::debug('User ' . $userId . ' hitting ' . $method . ' ' . $path . ' endpoint', [
'user' => $userId,
Log::debug('User ' . $user->id . ' hitting ' . $method . ' ' . $path . ' endpoint', [
'user' => $user->id,
'roles' => implode('|', $user->roles),
'method' => $method,
'path' => $path,
'input' => array_filter($request->input(), function ($key) {
return $key !== 'user';
}, ARRAY_FILTER_USE_KEY)
'input' => array_filter($request->input(), function ($key) { return $key !== 'user'; }, ARRAY_FILTER_USE_KEY)
]);
return $next($request);

6
backend/app/Http/Middleware/RoleMiddleware.php
View File

@@ -3,6 +3,7 @@
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Log;
use App\Exceptions\NotAuthorizedException;
class RoleMiddleware {
@@ -16,6 +17,11 @@ class RoleMiddleware {
}
if(!$has_permission) {
Log::warning('El usuario intento acceder a una ruta sin los roles necesarios', [
'user' => $user->id,
'required_roles' => $raw_roles,
'user_roles' => implode('|', $user->roles)
]);
throw new NotAuthorizedException($request->user);
}

4
backend/app/Models/Usuario.php
View File

@@ -43,6 +43,10 @@ class Usuario extends Model {
return in_array($role, $this->roles);
}
public function isOnRestaurante($restaurante) {
return $this->restaurantes()->where('id', $restaurante->id)->count() > 0;
}
public function restaurantes() {
return $this->belongsToMany(Restaurante::class, 'usuarios_restaurantes', 'usuario_id', 'restaurante_id');
}

3
backend/bootstrap/app.php
View File

@@ -77,7 +77,8 @@ $app->configure('logging');
$app->routeMiddleware([
'auth' => App\Http\Middleware\Auth0Middleware::class,
'log_endpoint' => App\Http\Middleware\LogEndpointHitMiddleware::class,
'role' => App\Http\Middleware\RoleMiddleware::class
'role' => App\Http\Middleware\RoleMiddleware::class,
'in_restaurante' => App\Http\Middleware\InRestauranteMiddleware::class
]);
$app->middleware([

106
backend/routes/web.php
View File

@@ -9,11 +9,11 @@ $router->get('/', function () use ($router) {
$router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'log_endpoint']], function () use ($router) {
$router->group(['prefix' => '/users'], function () use ($router) {
$router->get( '/', ['as' => 'users.all', 'uses' => 'UsuariosController@all', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/me', ['as' => 'users.get_me', 'uses' => 'UsuariosController@getMe']);
$router->get( '/{id}', ['as' => 'users.get', 'uses' => 'UsuariosController@get', 'middleware' => ['role:admin|global_admin']]);
$router->post( '/', ['as' => 'users.create', 'uses' => 'UsuariosController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{id}', ['as' => 'users.update', 'uses' => 'UsuariosController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{id}', ['as' => 'users.delete', 'uses' => 'UsuariosController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/me', ['as' => 'users.get_me', 'uses' => 'UsuariosController@getMe']);
$router->get( '/{id}/restaurantes/', ['as' => 'users.get_restaurantes', 'uses' => 'UsuariosController@getRestaurantes', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{id}/restaurantes/{restaurant}', ['as' => 'users.add_to_restaurant', 'uses' => 'UsuariosController@addToRestaurant', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{id}/restaurantes/{restaurant}', ['as' => 'users.remove_from_restaurant', 'uses' => 'UsuariosController@removeFromRestaurant', 'middleware' => ['role:admin|global_admin']]);
@@ -26,67 +26,67 @@ $router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'log_endpoint']],
$router->put( '/{id}', ['as' => 'restaurant.update', 'uses' => 'RestaurantesController@update', 'middleware' => ['role:global_admin']]);
$router->delete('/{id}', ['as' => 'restaurant.delete', 'uses' => 'RestaurantesController@delete', 'middleware' => ['role:global_admin']]);
$router->get( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.all', 'uses' => 'CanalesVentaController@all']);
$router->get( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.get', 'uses' => 'CanalesVentaController@get']);
$router->post( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.create', 'uses' => 'CanalesVentaController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.update', 'uses' => 'CanalesVentaController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.delete', 'uses' => 'CanalesVentaController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.all', 'uses' => 'CanalesVentaController@all', 'middleware' => ['in_restaurante']]);
$router->get( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.get', 'uses' => 'CanalesVentaController@get', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/canales-venta', ['as' => 'canales-venta.create', 'uses' => 'CanalesVentaController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.update', 'uses' => 'CanalesVentaController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/canales-venta/{id}', ['as' => 'canales-venta.delete', 'uses' => 'CanalesVentaController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/sectores', ['as' => 'sectores.all', 'uses' => 'SectoresController@all']);
$router->get( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.get', 'uses' => 'SectoresController@get']);
$router->post( '/{restaurante_id}/sectores', ['as' => 'sectores.create', 'uses' => 'SectoresController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.update', 'uses' => 'SectoresController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/sectores/{id}', ['as' => 'sectores.delete', 'uses' => 'SectoresController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/sectores', ['as' => 'sectores.all', 'uses' => 'SectoresController@all', 'middleware' => ['in_restaurante']);
$router->get( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.get', 'uses' => 'SectoresController@get', 'middleware' => ['in_restaurante']);
$router->post( '/{restaurante_id}/sectores', ['as' => 'sectores.create', 'uses' => 'SectoresController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/sectores/{id}', ['as' => 'sectores.update', 'uses' => 'SectoresController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/sectores/{id}', ['as' => 'sectores.delete', 'uses' => 'SectoresController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.all', 'uses' => 'ZonasProduccionController@all']);
$router->get( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.get', 'uses' => 'ZonasProduccionController@get']);
$router->post( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.create', 'uses' => 'ZonasProduccionController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.update', 'uses' => 'ZonasProduccionController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.delete', 'uses' => 'ZonasProduccionController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.all', 'uses' => 'ZonasProduccionController@all', 'middleware' => ['in_restaurante']]);
$router->get( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.get', 'uses' => 'ZonasProduccionController@get', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/zonas-produccion', ['as' => 'zonas-produccion.create', 'uses' => 'ZonasProduccionController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.update', 'uses' => 'ZonasProduccionController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/zonas-produccion/{id}', ['as' => 'zonas-produccion.delete', 'uses' => 'ZonasProduccionController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/categorias', ['as' => 'categorias.all', 'uses' => 'CategoriasController@all']);
$router->get( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.get', 'uses' => 'CategoriasController@get']);
$router->post( '/{restaurante_id}/categorias', ['as' => 'categorias.create', 'uses' => 'CategoriasController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.update', 'uses' => 'CategoriasController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/categorias/{id}', ['as' => 'categorias.delete', 'uses' => 'CategoriasController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/categorias', ['as' => 'categorias.all', 'uses' => 'CategoriasController@all', 'middleware' => ['in_restaurante']]);
$router->get( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.get', 'uses' => 'CategoriasController@get', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/categorias', ['as' => 'categorias.create', 'uses' => 'CategoriasController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/categorias/{id}', ['as' => 'categorias.update', 'uses' => 'CategoriasController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/categorias/{id}', ['as' => 'categorias.delete', 'uses' => 'CategoriasController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/proveedores', ['as' => 'proveedores.all', 'uses' => 'ProveedoresController@all']);
$router->get( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.get', 'uses' => 'ProveedoresController@get']);
$router->post( '/{restaurante_id}/proveedores', ['as' => 'proveedores.create', 'uses' => 'ProveedoresController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.update', 'uses' => 'ProveedoresController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.delete', 'uses' => 'ProveedoresController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/proveedores', ['as' => 'proveedores.all', 'uses' => 'ProveedoresController@all', 'middleware' => ['in_restaurante']]);
$router->get( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.get', 'uses' => 'ProveedoresController@get', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/proveedores', ['as' => 'proveedores.create', 'uses' => 'ProveedoresController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.update', 'uses' => 'ProveedoresController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/proveedores/{id}', ['as' => 'proveedores.delete', 'uses' => 'ProveedoresController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.all', 'uses' => 'IngredientesController@all']);
$router->get( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.get', 'uses' => 'IngredientesController@get']);
$router->post( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.create', 'uses' => 'IngredientesController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.update', 'uses' => 'IngredientesController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.delete', 'uses' => 'IngredientesController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.all', 'uses' => 'IngredientesController@all', 'middleware' => ['in_restaurante']]);
$router->get( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.get', 'uses' => 'IngredientesController@get', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/ingredientes', ['as' => 'ingredientes.create', 'uses' => 'IngredientesController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.update', 'uses' => 'IngredientesController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/ingredientes/{id}', ['as' => 'ingredientes.delete', 'uses' => 'IngredientesController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/productos', ['as' => 'productos.all', 'uses' => 'ProductosController@all']);
$router->get( '/{restaurante_id}/productos/{id}', ['as' => 'productos.get', 'uses' => 'ProductosController@get']);
$router->post( '/{restaurante_id}/productos', ['as' => 'productos.create', 'uses' => 'ProductosController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/productos/{id}', ['as' => 'productos.update', 'uses' => 'ProductosController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/productos/{id}', ['as' => 'productos.delete', 'uses' => 'ProductosController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/productos', ['as' => 'productos.all', 'uses' => 'ProductosController@all', 'middleware' => ['in_restaurante']]);
$router->get( '/{restaurante_id}/productos/{id}', ['as' => 'productos.get', 'uses' => 'ProductosController@get', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/productos', ['as' => 'productos.create', 'uses' => 'ProductosController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/productos/{id}', ['as' => 'productos.update', 'uses' => 'ProductosController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/productos/{id}', ['as' => 'productos.delete', 'uses' => 'ProductosController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/', ['as' => 'productos.receta.all', 'uses' => 'RecetasController@all']);
$router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.get', 'uses' => 'RecetasController@get']);
$router->post( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.add_ingrediente', 'uses' => 'RecetasController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.update_ingrediente', 'uses' => 'RecetasController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.remove_ingrediente', 'uses' => 'RecetasController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/', ['as' => 'productos.receta.all', 'uses' => 'RecetasController@all', 'middleware' => ['in_restaurante']]);
$router->get( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.get', 'uses' => 'RecetasController@get', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.add_ingrediente', 'uses' => 'RecetasController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.update_ingrediente', 'uses' => 'RecetasController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/productos/{producto_id}/ingredientes/{ingrediente_id}', ['as' => 'productos.receta.remove_ingrediente', 'uses' => 'RecetasController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/compras', ['as' => 'compras.all', 'uses' => 'ComprasController@all']);
$router->get( '/{restaurante_id}/compras/{id}', ['as' => 'compras.get', 'uses' => 'ComprasController@get']);
$router->post( '/{restaurante_id}/compras', ['as' => 'compras.create', 'uses' => 'ComprasController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/compras/{id}', ['as' => 'compras.update', 'uses' => 'ComprasController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/compras/{id}', ['as' => 'compras.delete', 'uses' => 'ComprasController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/compras', ['as' => 'compras.all', 'uses' => 'ComprasController@all', 'middleware' => ['in_restaurante']]);
$router->get( '/{restaurante_id}/compras/{id}', ['as' => 'compras.get', 'uses' => 'ComprasController@get', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/compras', ['as' => 'compras.create', 'uses' => 'ComprasController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/compras/{id}', ['as' => 'compras.update', 'uses' => 'ComprasController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/compras/{id}', ['as' => 'compras.delete', 'uses' => 'ComprasController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/compras/{id}/ingredientes', ['as' => 'compras.ingredientes.get', 'uses' => 'ComprasController@getIngredientes']);
$router->post( '/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.add', 'uses' => 'ComprasController@addIngrediente', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.delete', 'uses' => 'ComprasController@deleteIngrediente','middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/compras/{id}/ingredientes', ['as' => 'compras.ingredientes.get', 'uses' => 'ComprasController@getIngredientes', 'middleware' => ['in_restaurante']]);
$router->post( '/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.add', 'uses' => 'ComprasController@addIngrediente', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/compras/{id}/ingredientes/{ingrediente_id}', ['as' => 'compras.ingredientes.delete', 'uses' => 'ComprasController@deleteIngrediente','middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->get( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.get', 'uses' => 'FacturasController@get']);
$router->post( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.create', 'uses' => 'FacturasController@create', 'middleware' => ['role:admin|global_admin']]);
$router->put( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.update', 'uses' => 'FacturasController@update', 'middleware' => ['role:admin|global_admin']]);
$router->delete('/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.delete', 'uses' => 'FacturasController@delete', 'middleware' => ['role:admin|global_admin']]);
$router->get( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.get', 'uses' => 'FacturasController@get', 'middleware' => ['in_restaurante']]]);
$router->post( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.create', 'uses' => 'FacturasController@create', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->put( '/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.update', 'uses' => 'FacturasController@update', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
$router->delete('/{restaurante_id}/compras/{id}/factura', ['as' => 'factura.delete', 'uses' => 'FacturasController@delete', 'middleware' => ['role:admin|global_admin', 'in_restaurante']]);
});
});