0

How do I check with Entrust if user has permission on route.

I have in my permissions table a route field and the name of the action

for example

can_update_profile, can_delete_profile, can_see_profile

than having the roles I'm adding to each one the privilleges than I tried to implement a middleware which checks on route if user has ability to access controller method but fails.

Entrust can interprets all of the requests as free for access

here is my middleware

<?php

namespace App\Http\Middleware;

use Closure;
use App\Permission;
use Illuminate\Contracts\Auth\Guard;
use Route;

class AuthorizeRoute
{

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        $user = $this->auth->user();
        $permissions = Permission::all();

        //dd($user);
        $uri = $request->route()->uri();


        foreach ($permissions as $permission) {

            if (!$user->can($permission->name) && $permission->route === $uri) {
                 //var_dump($user->can($permission->name));
                abort(403);
            }
        }

        return $next($request);
    }
}
fefe
  • 8,755
  • 27
  • 104
  • 180

1 Answers1

0

I can't test this, but my guess is that you should write handle() like this

public function handle($request, Closure $next)
{
    $user = $this->auth->user();
    $permissions = Permission::all();

    $uri = $request->route()->uri();

    foreach ($permissions as $permission) {
        // reordered expression order to skip calling $user->can()
        // for routes that don't match
        if ( $permission->route === $uri && $user->can($permission->name) ) {
            // allow access only if it's a match
            return $next($request);
        }
    }

    // nothing matched, abort
    abort(403);
}
ljubadr
  • 2,174
  • 1
  • 20
  • 24