<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Log;
use App\Exceptions\NotAuthorizedException;
/**
 * Route middleware that lets a request through only when the current user
 * holds at least one of the roles named in the middleware parameter.
 *
 * The roles arrive as a single string separated by "|" (for example
 * "admin|editor"). A denied attempt is logged and then rejected with
 * NotAuthorizedException.
 */
class RoleMiddleware
{
    /**
     * Check the user's roles and either forward or reject the request.
     *
     * @param mixed   $request   Request object; its `user` property is read.
     * @param Closure $next      Next handler in the middleware pipeline.
     * @param string  $raw_roles Accepted roles, separated by "|".
     *
     * @return mixed Whatever the next handler returns.
     *
     * @throws NotAuthorizedException When the user has none of the accepted roles.
     */
    public function handle($request, Closure $next, $raw_roles)
    {
        // NOTE(review): this reads the `user` PROPERTY, not a `user()` method.
        // Presumably an earlier authentication middleware assigns it; if nothing
        // does, a property read on an Illuminate request is resolved from request
        // input / route parameters instead. Confirm where it is set.
        $user = $request->user;

        // An empty segment ("admin|") becomes an empty-string role that is still
        // passed to hasRole().
        $acceptedRoles = explode('|', $raw_roles);

        // NOTE(review): a null $user makes hasRole() raise an Error here rather
        // than NotAuthorizedException. The request is still refused, but with a
        // different failure mode; confirm authentication always runs first.
        $granted = false;
        foreach ($acceptedRoles as $candidate) {
            if ($user->hasRole($candidate)) {
                $granted = true;
                break; // one matching role is enough
            }
        }

        if ($granted) {
            return $next($request);
        }

        // Record the denial before rejecting so failed access attempts can be
        // audited. implode() assumes $user->roles is a plain array of strings;
        // TODO confirm.
        Log::warning('El usuario intento acceder a una ruta sin los roles necesarios', [
            'user' => $user->id,
            'required_roles' => $raw_roles,
            'user_roles' => implode('|', $user->roles)
        ]);

        throw new NotAuthorizedException($request->user);
    }
}