Laravel 4 conditional route filter
I have a group of routes that I want to allow the user to access only if they are in a specific department, or the ID on the path they are aiming to access matches the registered ID.
I have:
    Route::group(array('before' => 'auth.department:6|auth.me'), function () {
        Route::get('users/{id}/outofoffice', ['as' => 'users.outofoffice.form', 'uses' => 'RackspaceController@outOfOfficeForm']);
        Route::post('users/{id}/outofoffice', ['as' => 'users.outofoffice.save', 'uses' => 'RackspaceController@outOfOfficeSave']);
        Route::get('users', ['as' => 'users.list', 'uses' => 'UserController@index']);
        Route::get('users/{id}/edit', ['as' => 'users.edit', 'uses' => 'UserController@edit']);
        Route::post('users/{id}', ['as' => 'users.update', 'uses' => 'UserController@update']);
    });
But it doesn't work. Previously "auth.department:6" worked as expected, but when I change it to "auth.department:6|auth.me" the user is still denied access. The filters are defined as:
    Route::filter('auth.department', function($route, $request)
    {
        if(Auth::level() > 5) return null;
        $departmentIds = array_slice(func_get_args(), 2);
        if(!in_array(Auth::dept(), $departmentIds)) {
            if (Request::ajax())
            {
                return Response::make('Unauthorized', 401);
            }
            else
            {
                return Response::make('Unauthorized', 401);
            }
        }
    });
    Route::filter('auth.me', function(\Illuminate\Routing\Route $route, $request){
        if($route->getParameter('id') == Auth::id()) {
            return null;
        } else {
            return BaseController::failed(['authorization' => ['Unauthorized']], 401);
        }
    });
I did this:
    Route::filter('auth.dept-6-or-me', function(\Illuminate\Routing\Route $route, $request){
        // Users above level 5 always pass.
        if(Auth::level() > 5) return null;
        // Filter parameters (the department IDs) follow $route and $request.
        $departmentIds = array_slice(func_get_args(), 2);
        // Allow when the ID in the path is the logged-in user's own ID.
        if($route->getParameter('id') == Auth::id()) {
            return null;
        }
        // Otherwise deny unless the user is in one of the listed departments.
        elseif(!in_array(Auth::dept(), $departmentIds)) {
            if (Request::ajax())
            {
                return Response::make('Unauthorized', 401);
            }
            else
            {
                return Response::make('Unauthorized', 401);
            }
        }
        // User is in an allowed department: fall through (null) so the request proceeds.
    });
Not a solution, but maybe it will help someone.
The same workaround was mentioned here: How to apply multiple filters in a Laravel 4 route group?
Also, I tested this just now because I had the same problem. So, the | sign only means AND; it works like that. I used it with the Sentry plugin.
    Route::post('/insert', array('as' => 'insertKom', 'uses' => 'KommunikationController@insertKom', 'before' => 'hasAccess:admin|hasAccess:contact.insert'));
For example, my 2 permissions:
    hasAccess:admin: 1
    hasAccess:contact.insert: 1
This one passed; the user can access the route.
Then I changed the permissions to:
    hasAccess:admin: 0
    hasAccess:contact.insert: 1
However, this one somehow passed too. The user accessed the route. Not really sure why.
Then I changed the permissions to:
    hasAccess:admin: 1
    hasAccess:contact.insert: 0
And this one did not pass. The user does not have access to the route. The interesting thing is that it is, for example, just checking the last permission.
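Why chaining with | keeps denying access in the question, next to the OR behaviour the combined filter in the first answer aims for, as an added example that is not part of the original posts and is not Laravel's own code. It assumes a "before" chain runs each filter in order and stops at the first non-null return value; `runChain`, `anyOf` and the sample requests are hypothetical names and constructed data.

```php
<?php
// Plain-PHP model of a "before" filter chain (assumption: null = allow, non-null = deny response).

// AND semantics of 'a|b': every filter must allow; the first denial ends the request.
function runChain(array $filters, array $ctx) {
    foreach ($filters as $filter) {
        $response = $filter($ctx);
        if ($response !== null) {
            return $response;
        }
    }
    return null;
}

// OR combinator (hypothetical helper): allow if any filter allows, otherwise return the first denial.
function anyOf(array $filters) {
    return function (array $ctx) use ($filters) {
        $firstDenial = null;
        foreach ($filters as $filter) {
            $response = $filter($ctx);
            if ($response === null) {
                return null;
            }
            if ($firstDenial === null) {
                $firstDenial = $response;
            }
        }
        // Fail closed: an empty filter list denies instead of allowing.
        return $firstDenial !== null ? $firstDenial : 'Unauthorized (401)';
    };
}

$department = function (array $ctx) {
    return in_array($ctx['userDept'], [6], true) ? null : 'Unauthorized (401): department';
};
$me = function (array $ctx) {
    // Compare as strings: route parameters arrive as strings, and loose == can match unintended values.
    return (string) $ctx['routeId'] === (string) $ctx['userId'] ? null : 'Unauthorized (401): not owner';
};

// Constructed sample requests.
$requests = [
    'dept 6, someone else\'s id' => ['userDept' => 6, 'userId' => 10, 'routeId' => '22'],
    'dept 3, own id'            => ['userDept' => 3, 'userId' => 10, 'routeId' => '10'],
    'dept 3, someone else\'s id' => ['userDept' => 3, 'userId' => 10, 'routeId' => '22'],
];
foreach ($requests as $label => $ctx) {
    $and = runChain([$department, $me], $ctx);
    $or  = runChain([anyOf([$department, $me])], $ctx);
    printf("%-28s AND: %-32s OR: %s\n", $label, $and === null ? 'allowed' : $and, $or === null ? 'allowed' : $or);
}
```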