From e6ad8af661cae0a315774b0383094cb21bd62211 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Cort=C3=A9s?=
Date: Tue, 20 Jul 2021 00:45:53 -0400
Subject: [PATCH] Aceptar multiples roles en el middleware de roles
---
 backend/app/Http/Middleware/RoleMiddleware.php | 12 ++++++++++--
 backend/routes/web.php | 16 ++++++++--------
 2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/backend/app/Http/Middleware/RoleMiddleware.php b/backend/app/Http/Middleware/RoleMiddleware.php
index f8951da..7bf4643 100644
--- a/backend/app/Http/Middleware/RoleMiddleware.php
+++ b/backend/app/Http/Middleware/RoleMiddleware.php
@@ -6,8 +6,16 @@ use Closure;
 use App\Exceptions\NotAuthorizedException;
 class RoleMiddleware {
- public function handle($request, Closure $next, $role) {
- if(!$request->user->hasRole($role)) {
+ public function handle($request, Closure $next, $raw_roles) {
+ $user = $request->user;
+ $roles = explode('|', $raw_roles);
+ $has_permission = false;
+
+ foreach($roles as $role){
+ $has_permission = $has_permission || $user->hasRole($role);
+ }
+
+ if(!$has_permission) {
 throw new NotAuthorizedException($request->user);
 }
diff --git a/backend/routes/web.php b/backend/routes/web.php
index 3f4d97d..5ab2de4 100644
--- a/backend/routes/web.php
+++ b/backend/routes/web.php
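Review bot: In `RoleMiddleware::handle`, `$user = $request->user;` is dereferenced with no null check, so the role check is only sound when the `auth` middleware has already populated the request; on a route registered outside that group, `$user->hasRole($role)` would presumably raise a fatal error rather than a `NotAuthorizedException`. A guard before the loop such as `if ($user === null) { throw new NotAuthorizedException($user); }` keeps the denial on the normal authorization path (assuming the exception accepts a null user, which is not visible here). The check fails closed because `$has_permission` starts as `false`, and that should be kept; the loop could stop at the first match with `if ($user->hasRole($role)) { $has_permission = true; break; }`. I would also add a docblock on `handle` stating that `$raw_roles` is a `|`-separated list of role names and that any single match grants access. The body of `handle` continues past the end of this hunk.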
@@ -8,15 +8,15 @@ $router->get('/', function () use ($router) {
 $router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'log_endpoint']], function () use ($router) {
 $router->group(['prefix' => '/users'], function () use ($router) {
- $router->get( '/', ['as' => 'users.all', 'uses' => 'UsuariosController@all']);
+ $router->get( '/', ['as' => 'users.all', 'uses' => 'UsuariosController@all', 'middleware' => ['role:admin|global_admin']]);
+ $router->get( '/{id}', ['as' => 'users.get', 'uses' => 'UsuariosController@get', 'middleware' => ['role:admin|global_admin']]);
+ $router->post( '/', ['as' => 'users.create', 'uses' => 'UsuariosController@create', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{id}', ['as' => 'users.update', 'uses' => 'UsuariosController@update', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{id}', ['as' => 'users.delete', 'uses' => 'UsuariosController@delete', 'middleware' => ['role:admin|global_admin']]);
 $router->get( '/me', ['as' => 'users.get_me', 'uses' => 'UsuariosController@getMe']);
- $router->get( '/{id}', ['as' => 'users.get', 'uses' => 'UsuariosController@get']);
- $router->post( '/', ['as' => 'users.create', 'uses' => 'UsuariosController@create']);
- $router->put( '/{id}', ['as' => 'users.update', 'uses' => 'UsuariosController@update']);
- $router->delete('/{id}', ['as' => 'users.delete', 'uses' => 'UsuariosController@delete']);
- $router->get( '/{id}/restaurantes/', ['as' => 'users.get_restaurantes', 'uses' => 'UsuariosController@getRestaurantes']);
- $router->put( '/{id}/restaurantes/{restaurant}', ['as' => 'users.add_to_restaurant', 'uses' => 'UsuariosController@addToRestaurant']);
- $router->delete('/{id}/restaurantes/{restaurant}', ['as' => 'users.remove_from_restaurant', 'uses' => 'UsuariosController@removeFromRestaurant']);
+ $router->get( '/{id}/restaurantes/', ['as' => 'users.get_restaurantes', 'uses' => 'UsuariosController@getRestaurantes', 'middleware' => ['role:admin|global_admin']]);
+ $router->put( '/{id}/restaurantes/{restaurant}', ['as' => 'users.add_to_restaurant', 'uses' => 'UsuariosController@addToRestaurant', 'middleware' => ['role:admin|global_admin']]);
+ $router->delete('/{id}/restaurantes/{restaurant}', ['as' => 'users.remove_from_restaurant', 'uses' => 'UsuariosController@removeFromRestaurant', 'middleware' => ['role:admin|global_admin']]);
 });
 $router->group(['prefix' => '/restaurantes'], function () use ($router) {
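Review bot: In `backend/routes/web.php`, `GET /me` is now registered after `GET /{id}`, so a request for `/users/me` can be matched by the variable route first. Depending on the router, that either sends non-admin users into the `role:admin|global_admin` check and denies them their own profile, or is rejected when the routes are compiled because the static route is shadowed (FastRoute-based routers, which this file's `$router->get(...)` style suggests, behave this way; which router is in use is not visible here). Keeping `$router->get( '/me', ...)` above the `/{id}` routes avoids both outcomes. Repeating `'middleware' => ['role:admin|global_admin']` on eight routes also makes it easy to add a ninth without it; wrapping them in `$router->group(['middleware' => ['role:admin|global_admin']], function () use ($router) { ... });` keeps `/me` visibly outside the restriction. The outer `api/v1` group and the `/restaurantes` group continue past the end of this hunk.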