From 6c552e653592946e544c4b826be0af57ee9793be Mon Sep 17 00:00:00 2001
From: icalF <laser.survivor@gmail.com>
Date: Mon, 4 Apr 2016 12:46:54 +0700
Subject: [PATCH] role based auth middleware finished
---
 .../Controllers/AdminDashboardController.php | 15 -----
 app/Http/Controllers/ScheduleController.php | 7 ++
 app/Http/Controllers/TpsController.php | 6 ++
 app/Http/Controllers/UserController.php | 6 ++
 app/Http/Kernel.php | 4 +-
 app/Http/Middleware/Authenticate.php | 1 -
 app/Http/Middleware/AuthorizedManager.php | 45 +++++++++++++
 app/Http/Middleware/AuthorizedScheduler.php | 44 +++++++++++++
 app/Http/Middleware/AuthorizedUser.php | 42 ++++++++++++
 .../PermissionsRequiredMiddleware.php | 65 -------------------
 app/Http/routes.php | 10 +--
 app/User.php | 5 +-
 .../2016_04_01_092434_create_roles_table.php | 2 +
 ...016_04_02_172129_create_schedule_table.php | 34 ----------
 14 files changed, 163 insertions(+), 123 deletions(-)
 delete mode 100644 app/Http/Controllers/AdminDashboardController.php
 create mode 100644 app/Http/Middleware/AuthorizedManager.php
 create mode 100644 app/Http/Middleware/AuthorizedScheduler.php
 create mode 100644 app/Http/Middleware/AuthorizedUser.php
 delete mode 100644 app/Http/Middleware/PermissionsRequiredMiddleware.php
 delete mode 100644 database/migrations/2016_04_02_172129_create_schedule_table.php
diff --git a/app/Http/Controllers/AdminDashboardController.php b/app/Http/Controllers/AdminDashboardController.php
deleted file mode 100644
index d287d20..0000000
--- a/app/Http/Controllers/AdminDashboardController.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-
-namespace App\Http\Controllers;
-
-use Illuminate\Http\Request;
-
-use App\Http\Requests;
-
-class AdminDashboardController extends Controller
-{
- public function index()
- {
- return 'Admin';
- }
-}
diff --git a/app/Http/Controllers/ScheduleController.php b/app/Http/Controllers/ScheduleController.php
index f21761e..953e9f7 100644
--- a/app/Http/Controllers/ScheduleController.php
+++ b/app/Http/Controllers/ScheduleController.php
@@ -8,6 +8,12 @@ use App\Http\Requests;
 class ScheduleController extends Controller
 {
+ public function __construct()
+ {
+ $this->middleware('auth');
+ $this->middleware('scheduler');
+ }
+
 public function index()
 {
 return Schedule::all();
@@ -48,3 +54,4 @@ class ScheduleController extends Controller
 Schedule::find($id)->delete();
 return Schedule::all();
 }
+}
\ No newline at end of file
diff --git a/app/Http/Controllers/TpsController.php b/app/Http/Controllers/TpsController.php
index 436e9bc..afe211c 100644
--- a/app/Http/Controllers/TpsController.php
+++ b/app/Http/Controllers/TpsController.php
@@ -8,6 +8,12 @@ use App\Http\Requests;
 class TpsController extends Controller
 {
+ public function __construct()
+ {
+ $this->middleware('auth');
+ $this->middleware('manager');
+ }
+
 public function index()
 {
 return Tps::all();
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index fe4904f..b7097e8 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -8,6 +8,12 @@ use App\Http\Requests;
 class UserController extends Controller
 {
+ public function __construct()
+ {
+ $this->middleware('auth');
+ $this->middleware('user');
+ }
+
 public function index()
 {
 return User::all();
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 3efdcaa..1a79671 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
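Review bot: The role middleware registered in this constructor (`scheduler` here, `manager` in TpsController and `user` in UserController in the following hunks) dereferences `Auth::user()` without a null check, so it only works because `auth` is registered on the preceding line, and nothing in the constructor records that ordering dependency. A short comment above the two calls, `// 'auth' must run first: the role middleware assumes a logged-in user`, makes the contract explicit for anyone who reorders or removes a line. Because the role middleware is applied to every resource action, which actions end up admin-only is decided inside the middleware by whether a route parameter is present rather than declared here with the `only`/`except` options; that convention deserves a comment too, since a non-resource route added to one of these controllers would silently fall into the admin-only branch.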
@@ -48,6 +48,8 @@ class Kernel extends HttpKernel
 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
- 'permissions.required' => \App\Http\Middleware\PermissionsRequiredMiddleware::class,
+ 'user' => \App\Http\Middleware\AuthorizedUser::class,
+ 'manager' => \App\Http\Middleware\AuthorizedManager::class,
+ 'scheduler' => \App\Http\Middleware\AuthorizedScheduler::class,
 ];
 }
diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
index c09d7cd..7ddc5c3 100644
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -17,7 +17,6 @@ class Authenticate
 */
 public function handle($request, Closure $next, $guard = null)
 {
- // dd($request);
 if (Auth::guard($guard)->guest()) {
 if ($request->ajax() || $request->wantsJson()) {
 return response('Unauthorized.', 403);
diff --git a/app/Http/Middleware/AuthorizedManager.php b/app/Http/Middleware/AuthorizedManager.php
new file mode 100644
index 0000000..e4f943e
--- /dev/null
+++ b/app/Http/Middleware/AuthorizedManager.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Support\Facades\Auth;
+use App\Tps;
+
+class AuthorizedManager
+{
+ /**
+ * Handle an incoming request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ $user = Auth::user();
+ $role = $user->role();
+ $param = $request->route()->parameters();
+ $tps_id = !$param ? null : $param['tps'];
+ $tps = Tps::find($tps_id);
+ $mgr_id = !$tps ? null : $tps->id_manager;
+
+ if (!$tps_id)
+ {
+ if ($role == 'admin')
+ {
+ return $next($request);
+ }
+ else
+ {
+ return redirect('/')->with('error', 'Not authorized');
+ }
+ }
+ else if ($mgr_id && $user->id == $mgr_id)
+ {
+ return $next($request);
+ }
+
+ return redirect('/')->with('error', 'Not authorized');
+ }
+}
diff --git a/app/Http/Middleware/AuthorizedScheduler.php b/app/Http/Middleware/AuthorizedScheduler.php
new file mode 100644
index 0000000..42d4a6e
--- /dev/null
+++ b/app/Http/Middleware/AuthorizedScheduler.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Support\Facades\Auth;
+
+class AuthorizedScheduler
+{
+ /**
+ * Handle an incoming request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ $user = Auth::user();
+ $role = $user->role();
+ $param = $request->route()->parameters();
+ $tps_id = $request->input('id_tps');
+ $tps = !$tps_id ? null : Tps::find($tps_id);
+ $mgr_id = !$tps ? null : $tps->id_manager;
+
+ if (!$tps_id)
+ {
+ if ($role == 'admin')
+ {
+ return $next($request);
+ }
+ else
+ {
+ return redirect('/')->with('error', 'Not authorized');
+ }
+ }
+ else if ($mgr_id && $user->id == $mgr_id)
+ {
+ return $next($request);
+ }
+
+ return redirect('/')->with('error', 'Not authorized');
+ }
+}
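Review bot: An admin is refused on every route that carries a `tps` parameter: once `$tps_id` is set the only accepting branch is `$mgr_id && $user->id == $mgr_id`, so the `admin` role opens `index`/`store` but not `show`/`update`/`destroy` of a specific TPS, and the same shape is repeated in AuthorizedScheduler and AuthorizedUser. If admins are meant to act on any record, test the role before the ownership check, `if ($role === 'admin' || ($mgr_id && $user->id == $mgr_id)) { return $next($request); }`. `$param['tps']` is read without `isset`, so attaching this middleware to a route whose parameter has another name produces an undefined-index notice instead of a clean denial; `$request->route('tps')` yields null in that case and also avoids the unconditional `Tps::find(null)` query. The failure path always redirects to `/` with a flash message while the controllers return model collections, so an XHR/JSON client receives a 302 rather than a 403; mirroring the `$request->ajax() || $request->wantsJson()` branch of Authenticate would keep the two middleware consistent.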
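Review bot: `Tps::find($tps_id)` cannot resolve in this file: unlike AuthorizedManager there is no `use App\Tps;`, so the name resolves to `App\Http\Middleware\Tps` and any request that carries `id_tps` fails with a class-not-found error before authorization is decided. Separately, the TPS being authorized comes from `$request->input('id_tps')`, a value the caller supplies, while the route parameter is ignored (`$param` is assigned and never read), so for `show`/`update`/`destroy` the check proves only that the caller manages the TPS they named, not the TPS the targeted schedule belongs to. Resolving it from the record instead, `$sched = Schedule::find($request->route('schedule'));` and `$tps_id = $sched ? $sched->id_tps : $request->input('id_tps');` (with `use App\Schedule;`), ties the decision to the object being accessed; the `id_tps` column name is taken from the schedule migration this patch deletes, so confirm it against the current schema.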
diff --git a/app/Http/Middleware/AuthorizedUser.php b/app/Http/Middleware/AuthorizedUser.php
new file mode 100644
index 0000000..b19481a
--- /dev/null
+++ b/app/Http/Middleware/AuthorizedUser.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Support\Facades\Auth;
+
+class AuthorizedUser
+{
+ /**
+ * Handle an incoming request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ $user = Auth::user();
+ $role = $user->role();
+ $id = !$request->route()->parameters() ? null :
+ $request->route()->parameters()['user'];
+
+ if (!$id)
+ {
+ if ($role == 'admin')
+ {
+ return $next($request);
+ }
+ else
+ {
+ return redirect('/')->with('error', 'Not authorized');
+ }
+ }
+ else if ($user->id == $id)
+ {
+ return $next($request);
+ }
+
+ return redirect('/')->with('error', 'Not authorized');
+ }
+}
diff --git a/app/Http/Middleware/PermissionsRequiredMiddleware.php b/app/Http/Middleware/PermissionsRequiredMiddleware.php
deleted file mode 100644
index fd328f0..0000000
--- a/app/Http/Middleware/PermissionsRequiredMiddleware.php
+++ /dev/null
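Review bot: `$user->id == $id` compares the integer id against the raw route string, and `$request->route()->parameters()['user']` assumes that key exists whenever any parameter does; `$id = $request->route('user');` followed by `else if ($id !== null && (int) $id === (int) $user->id)` reads the parameter once, tolerates other parameter names, and avoids PHP's loose numeric-string comparison. As in AuthorizedManager, an admin reaches only the ownership branch and is redirected away from every `user/{user}` route, which for a user-management controller is presumably not intended; if admins may act on any account, the role check belongs in front of the ownership check. Since `$user` is dereferenced with no null check, the docblock should state the precondition, e.g. `* Assumes the 'auth' middleware has already run; $user is not checked for null.`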
@@ -1,65 +0,0 @@
-<?php
-
-namespace App\Http\Middleware;
-
-use Closure;
-
-class PermissionsRequiredMiddleware
-{
- /**
- * Handle an incoming request.
- *
- * @param \Illuminate\Http\Request $request
- * @param \Closure $next
- * @return mixed
- */
- public function handle($request, Closure $next)
- {
- return \Auth::user();
- // Check if a user is logged in.
- if (!$user = $request->user())
- {
- return redirect()->guest('login');
- }
-
- // Get the current route.
- $route = $request->route();
-
- // Get the current route actions.
- $actions = $route->getAction();
-
- // Check if we have any permissions to check the user has.
- if (!$permissions = isset($actions['permissions']) ? $actions['permissions'] : null)
- {
- // No permissions to check, allow access.
- return abort(403);
- }
-
- // Fetch all of the matching user permissions.
- $userPermissions = array_fetch($user->permissions()->whereIn('slug', (array) $permissions)->get()->toArray(), 'slug');
-
- // Turn the permissions we require into an array.
- $permissions = (array) $permissions;
-
- // Check if we require all permissions, or just one.
- if (isset($actions['permissions_require_all']))
- {
- // If user has EVERY permission required.
- if (count($permissions) == count($userPermissions))
- {
- // Access is granted.
- return $next($request);
- }
- } else {
- // If the user has the permission.
- if (count($userPermissions) >= 1)
- {
- // Access is granted and the rest of the permissions are ignored.
- return $next($request);
- }
- }
-
- // If we reach this far, the user does not have the required permissions.
- return abort(404);
- }
-}
diff --git a/app/Http/routes.php b/app/Http/routes.php
index d5ef42b..558ea36 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -11,12 +11,12 @@
 |
 */
-Route::group(['middleware' => ['web', ]], function () {
+Route::group(['middleware' => 'web'], function () {
 Route::auth();
 Route::get('/', 'HomeController@index'); // homnya kan cm 1 Route::get('/home', 'HomeController@index');
-});
-Route::resource('user', 'UserController');
-Route::resource('tps', 'TpsController');
-Route::resource('schedule', 'ScheduleController');
+ Route::resource('user', 'UserController');
+ Route::resource('tps', 'TpsController');
+ Route::resource('schedule', 'ScheduleController');
+});
diff --git a/app/User.php b/app/User.php
index 3fa6df9..6f4666a 100644
--- a/app/User.php
+++ b/app/User.php
@@ -24,9 +24,10 @@ class User extends Authenticatable
 'password', 'remember_token',
 ];
- public function roles()
+ public function role()
 {
- return $this->belongsTo('App\Role');
+ // $this->belongsTo('App\Role');
+ return Role::find($this->role_id)->name;
 }
 public function schedule()
diff --git a/database/migrations/2016_04_01_092434_create_roles_table.php b/database/migrations/2016_04_01_092434_create_roles_table.php
index 0b22c92..dbad67f 100644
--- a/database/migrations/2016_04_01_092434_create_roles_table.php
+++ b/database/migrations/2016_04_01_092434_create_roles_table.php
@@ -3,6 +3,8 @@
 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Database\Migrations\Migration;
+use App\Role;
+
 class CreateRolesTable extends Migration
 {
 /**
diff --git a/database/migrations/2016_04_02_172129_create_schedule_table.php b/database/migrations/2016_04_02_172129_create_schedule_table.php
deleted file mode 100644
index d45e5c1..0000000
--- a/database/migrations/2016_04_02_172129_create_schedule_table.php
+++ /dev/null
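Review bot: `Role::find($this->role_id)->name` in the User.php hunk faults when `role_id` is null or points at a role that no longer exists: `find` returns null and the property read raises an error that surfaces as a server error rather than a denial, and all three new middleware call `$user->role()` before any check. Returning null in that case, `$role = Role::find($this->role_id); return $role ? $role->name : null;`, lets the `$role == 'admin'` comparisons fail closed. The rename also breaks any existing caller of `roles()`, and the method now issues a query on every call where the removed `belongsTo` relation could be eager-loaded; keeping the relation (named `role`, with the foreign key `role_id` given explicitly) and reading `$user->role->name` preserves both. The commented-out `// $this->belongsTo('App\Role');` should be removed rather than kept as dead code.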
@@ -1,34 +0,0 @@
-<?php
-
-use Illuminate\Database\Schema\Blueprint;
-use Illuminate\Database\Migrations\Migration;
-
-class CreateScheduleTable extends Migration
-{
- /**
- * Run the migrations.
- *
- * @return void
- */
- public function up()
- {
- Schema::create('schedule', function(Blueprint $table)
- {
- $table->increments('id');
- $table->integer('id_tps')->unsigned();
- $table->integer('id_user')->unsigned();
- $table->timestamp('time');
- $table->timestamps();
- });
- }
-
- /**
- * Reverse the migrations.
- *
- * @return void
- */
- public function down()
- {
- Schema::drop('schedule');
- }
-}
-- GitLab