You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 lines
2.0 KiB
70 lines
2.0 KiB
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Backpack\CRUD\app\Http\Middleware\AuthenticateSession;
|
|
use Closure;
|
|
|
|
class CheckIfAdmin
|
|
{
|
|
/**
|
|
* Checked that the logged in user is an administrator.
|
|
*
|
|
* --------------
|
|
* VERY IMPORTANT
|
|
* --------------
|
|
* If you have both regular users and admins inside the same table, change
|
|
* the contents of this method to check that the logged in user
|
|
* is an admin, and not a regular user.
|
|
*
|
|
* Additionally, in Laravel 7+, you should change app/Providers/RouteServiceProvider::HOME
|
|
* which defines the route where a logged in user (but not admin) gets redirected
|
|
* when trying to access an admin route. By default it's '/home' but Backpack
|
|
* does not have a '/home' route, use something you've built for your users
|
|
* (again - users, not admins).
|
|
*
|
|
* @param \Illuminate\Contracts\Auth\Authenticatable|null $user
|
|
* @return bool
|
|
*/
|
|
private function checkIfUserIsAdmin($user)
|
|
{
|
|
// return ($user->is_admin == 1);
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Answer to unauthorized access request.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
|
|
*/
|
|
private function respondToUnauthorizedRequest($request)
|
|
{
|
|
if ($request->ajax() || $request->wantsJson()) {
|
|
return response(trans('backpack::base.unauthorized'), 401);
|
|
} else {
|
|
return redirect()->guest(backpack_url('login'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Closure $next
|
|
* @return mixed
|
|
*/
|
|
public function handle($request, Closure $next)
|
|
{
|
|
if (backpack_auth()->guest()) {
|
|
return $this->respondToUnauthorizedRequest($request);
|
|
}
|
|
|
|
if (! $this->checkIfUserIsAdmin(backpack_user())) {
|
|
return $this->respondToUnauthorizedRequest($request);
|
|
}
|
|
|
|
return $next($request);
|
|
|
|
}
|
|
}
|
|
|