<?php

namespace App\Http\Middleware;

use Closure;
use App\Exceptions\NotAuthorizedException;

class RoleMiddleware {
    public function handle($request, Closure $next, $raw_roles) {
        $user = $request->user;
        $roles = explode('|', $raw_roles);
        $has_permission = false;

        foreach($roles as $role){
            $has_permission = $has_permission || $user->hasRole($role);
        }

        if(!$has_permission) {
            throw new NotAuthorizedException($request->user);
        }

        return $next($request);
    }
}