Laravel 4 conditional route filter

I have a group of routes that I want to allow the user to access only if they are in a specific department, or the ID on the path they are aiming to access matches the registered ID.

I have:

Route::group(array('before' => 'auth.department:6|auth.me'), function () {

    Route::get('users/{id}/outofoffice', ['as' => 'users.outofoffice.form', 'uses' => 'RackspaceController@outOfOfficeForm']);
    Route::post('users/{id}/outofoffice', ['as' => 'users.outofoffice.save', 'uses' => 'RackspaceController@outOfOfficeSave']);

    Route::get('users', ['as' => 'users.list', 'uses' => 'UserController@index']);
    Route::get('users/{id}/edit', ['as' => 'users.edit', 'uses' => 'UserController@edit']);
    Route::post('users/{id}', ['as' => 'users.update', 'uses' => 'UserController@update']);

});

      

But it doesn't work. Previously "auth.department:6" worked as expected, but when I change it to "auth.department:6|auth.me" the user is still denied access. The filters are defined as:

Route::filter('auth.department', function($route, $request)
{
    if(Auth::level() > 5) return null;

    $departmentIds = array_slice(func_get_args(), 2);

    if(!in_array(Auth::dept(), $departmentIds)) {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Response::make('Unauthorized', 401);
        }
    }

});

Route::filter('auth.me', function(\Illuminate\Routing\Route $route, $request){
    if($route->getParameter('id') == Auth::id()) {
        return null;
    } else {
        return BaseController::failed(['authorization' => ['Unauthorized']], 401);
    }
});

      


I did this:

Route::filter('auth.dept-6-or-me', function(\Illuminate\Routing\Route $route, $request){
    if(Auth::level() > 5) return null;
    // Filter parameters (the allowed department IDs) follow $route and $request
    $departmentIds = array_slice(func_get_args(), 2);
    // Allow users acting on their own record
    if($route->getParameter('id') == Auth::id()) {
        return null;
    }
    // Deny anyone else who is outside the allowed departments
    elseif(!in_array(Auth::dept(), $departmentIds)) {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Response::make('Unauthorized', 401);
        }
    } else {
        // In an allowed department: let the request through
        return null;
    }
});

      



1 answer


Not a solution, but maybe it will help someone.

The same workaround was mentioned here: How to apply multiple filters in a Laravel 4 route group?

Also, I tested this just now because I had the same problem. So the | sign only means AND; it works like that. I used it with the Sentry plugin.

Route::post('/insert', array('as' => 'insertKom', 'uses' => 'KommunikationController@insertKom', 'before' => 'hasAccess:admin|hasAccess:contact.insert'));

      

For example my 2 permissions:

hasAccess:admin: 1
hasAccess:contact.insert: 1

      

This solution passed; the user can access the route.

Then I changed the permissions to:

hasAccess:admin: 0
hasAccess:contact.insert: 1

      

However, this one somehow passed. The user accessed the route. Not really sure why.

Then I changed the permissions to:

hasAccess:admin: 1
hasAccess:contact.insert: 0

      

And this one did not pass. The user does not have access to the route. The interesting thing is that, for example, it is just checking the last permission.

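An added example, not part of the original question or answer and not Laravel's own code: a plain-PHP model of how a 'a|b' "before" string is dispatched (filters run in order, the first non-null return becomes the response), next to an OR combinator that lives inside one filter. The function and variable names and the sample requests are constructed for illustration.

```php
<?php
// Model of Laravel 4 "before" filter dispatch: filters in a 'a|b' string run
// in order, and the first non-null return value becomes the response.
// Names and sample data here are constructed for illustration.

function runBeforeFilters(array $filters, array $ctx)
{
    foreach ($filters as $filter) {
        $response = $filter($ctx);
        if ($response !== null) {
            return $response;   // short-circuit: later filters never run
        }
    }
    return null;                // null from every filter means "allowed"
}

// Stand-in for auth.department:6
$inDepartment = function (array $ctx) {
    return in_array($ctx['dept'], [6], true) ? null : '401 Unauthorized';
};

// Stand-in for auth.me; strict string comparison avoids loose == matches
$isMe = function (array $ctx) {
    return (string) $ctx['routeId'] === (string) $ctx['userId'] ? null : '401 Unauthorized';
};

// OR has to be expressed inside a single filter: allow if any check allows.
$anyOf = function (array $checks) {
    return function (array $ctx) use ($checks) {
        foreach ($checks as $check) {
            if ($check($ctx) === null) {
                return null;
            }
        }
        return '401 Unauthorized';
    };
};

// Constructed request: user 42 in department 3 opening users/42/edit
$ownProfile = ['dept' => 3, 'userId' => 42, 'routeId' => '42'];
// Constructed request: the same user opening users/7/edit
$otherProfile = ['dept' => 3, 'userId' => 42, 'routeId' => '7'];

var_dump(runBeforeFilters([$inDepartment, $isMe], $ownProfile));           // chained (AND)
var_dump(runBeforeFilters([$anyOf([$inDepartment, $isMe])], $ownProfile)); // combined (OR)
var_dump(runBeforeFilters([$anyOf([$inDepartment, $isMe])], $otherProfile));
```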