AsgardCms/Core

Http/Middleware/PermissionMiddleware.php

<?php namespace Modules\Core\Http\Middleware;

use Illuminate\Http\Request;
use Illuminate\Routing\Route;
use Illuminate\Support\Facades\Redirect;
use Laracasts\Flash\Flash;
use Modules\Core\Contracts\Authentication;

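/**
 * Middleware that gates a request on a permission named
 * "<module>.<entity>.<controller method>".
 *
 * The module and entity parts are read from the request path by segment
 * position; the method part comes from the injected route's action name.
 *
 * NOTE(review): because two of the three parts come from the URL rather than
 * from the route definition, the check is only as reliable as the URL layout
 * it assumes. A route whose path does not carry the module and entity in the
 * expected segments is checked against a permission name that does not
 * describe the controller being run -- confirm that every route behind this
 * middleware follows that layout.
 */
class PermissionMiddleware
{
    /**
     * Service asked whether the current user holds the computed permission.
     *
     * @var Authentication
     */
    private $auth;
    /**
     * Route whose action name supplies the method part of the permission.
     *
     * @var Route
     */
    private $route;

    /**
     * @param Authentication $auth
     * @param Route          $route
     */
    public function __construct(Authentication $auth, Route $route)
    {
        $this->auth = $auth;
        $this->route = $route;
    }

    /**
     * Build the permission name for this request and let the request through
     * only when the authentication service grants it.
     *
     * On denial the request is not passed on: an error is flashed (the
     * message includes the permission name) and the client is redirected
     * back. The denial is a redirect, not an error status code.
     *
     * @param Request  $request
     * @param \Closure $next
     * @return mixed the redirect on denial, otherwise whatever $next returns
     */
    public function handle(Request $request, \Closure $next)
    {
        $action = $this->route->getActionName();

        // An action name without "@" (a route not bound to "Controller@method")
        // used to hit strpos() === false, and `false + 1` silently dropped the
        // first character. Use the whole name instead: the permission is then
        // a readable name that no grant is expected to match.
        $separator = strpos($action, '@');
        $actionMethod = $separator === false ? $action : substr($action, $separator + 1);

        $segmentPosition = $this->getSegmentPosition($request);
        $moduleName = $this->getModuleName($request, $segmentPosition);
        $entityName = $this->getEntityName($request, $segmentPosition);
        $permission = $this->getPermission($moduleName, $entityName, $actionMethod);

        if (!$this->auth->hasAccess($permission)) {
            Flash::error(trans('core::core.permission denied', ['permission' => $permission]));

            return Redirect::back();
        }

        return $next($request);
    }

    /**
     * Get the path segment position of the entity name.
     *
     * Starts at 3 when laravellocalization.hideDefaultLocaleInURL is truthy,
     * otherwise 4, and moves one segment further when the segment at that
     * position is the configured admin prefix.
     *
     * @param Request $request
     * @return int
     */
    private function getSegmentPosition(Request $request)
    {
        $segmentPosition = config('laravellocalization.hideDefaultLocaleInURL', false) ? 3 : 4;

        // Compare as strings: a loose == would treat numeric-looking values
        // such as "7" and "007" as equal and shift the segments used for the
        // permission name. A missing segment and an unset prefix both cast to
        // '' and still compare equal, as they did before.
        $segment = (string) $request->segment($segmentPosition);
        $adminPrefix = (string) config('asgard.core.core.admin-prefix');

        if ($segment === $adminPrefix) {
            return $segmentPosition + 1;
        }

        return $segmentPosition;
    }

    /**
     * Join the three parts with dots.
     *
     * Leading dots are stripped, so a missing module name yields
     * "<entity>.<method>" rather than ".<entity>.<method>".
     *
     * @param string|null $moduleName
     * @param string      $entityName
     * @param string      $actionMethod
     * @return string
     */
    private function getPermission($moduleName, $entityName, $actionMethod)
    {
        return ltrim($moduleName . '.' . $entityName . '.' . $actionMethod, '.');
    }

    /**
     * Module name: the path segment just before the entity position.
     *
     * @param Request $request
     * @param int     $segmentPosition
     * @return string|null null when the path has no such segment
     */
    protected function getModuleName(Request $request, $segmentPosition)
    {
        return $request->segment($segmentPosition - 1);
    }

    /**
     * Entity name: the path segment at the entity position, or "dashboard"
     * when that segment is absent or otherwise falsy.
     *
     * @param Request $request
     * @param int     $segmentPosition
     * @return string
     */
    protected function getEntityName(Request $request, $segmentPosition)
    {
        $entityName = $request->segment($segmentPosition);

        return $entityName ?: 'dashboard';
    }
}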