30 lines
604 B
PHP
30 lines
604 B
PHP
<?php
|
|
|
|
namespace PdAuth\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
|
|
class CheckRole
|
|
{
|
|
|
|
public function handle(Request $request, Closure $next)
|
|
{
|
|
$uses = $request->route()[1]['uses'];
|
|
list($controller, $action) = explode('@', $uses);
|
|
$roles = $controller::Privileges;
|
|
|
|
if (empty($roles) || empty($roles[$action])) {
|
|
api_abort(403, '未定义权限');
|
|
}
|
|
|
|
$user = $request->user();
|
|
|
|
if (!$user->hasRoles($roles[$action])) {
|
|
api_abort(403, '无权访问');
|
|
}
|
|
|
|
return $next($request);
|
|
}
|
|
|
|
} |