<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
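class CheckPermission
{
    /**
     * Gate a route behind a named permission.
     *
     * Checks run in this order: authentication, super-admin bypass, then the
     * permission itself. Unauthenticated and unauthorised requests never reach
     * $next. Denials are not logged here; add an audit log call in the denial
     * branches if authorization failures need to be visible to monitoring.
     *
     * @param  Request  $request     The incoming HTTP request.
     * @param  Closure  $next        The next middleware / controller in the pipeline.
     * @param  string   $permission  Permission name passed as the middleware parameter.
     * @return Response 401 JSON or login redirect when unauthenticated, 403 JSON or
     *                  dashboard redirect when the permission is missing, otherwise
     *                  whatever $next returns.
     */
    public function handle(Request $request, Closure $next, string $permission): Response
    {
        if (!auth()->check()) {
            // JSON/XHR clients get an explicit 401, mirroring the JSON 403 below,
            // rather than a 302 to an HTML login page they cannot act on.
            if ($request->expectsJson()) {
                return response()->json(['message' => 'Unauthenticated.'], Response::HTTP_UNAUTHORIZED);
            }

            return redirect()->route('login');
        }

        $user = auth()->user();

        // Super admin has all permissions.
        // NOTE(review): the bypass depends on a free-form `type` string with two
        // accepted spellings. Whatever writes `type` must not be user-controllable
        // (e.g. via mass assignment); confirm, and consider normalising to one value.
        if (in_array($user->type, ['superadmin', 'super admin'], true)) {
            return $next($request);
        }

        // Everyone else must hold the required permission.
        // NOTE(review): if hasPermissionTo() comes from a permissions package that
        // throws on unknown permission names, a typo in the route's middleware
        // parameter surfaces as a 500 instead of a denial; confirm.
        if (!$user->hasPermissionTo($permission)) {
            if ($request->expectsJson()) {
                return response()->json(['message' => 'Forbidden'], Response::HTTP_FORBIDDEN);
            }

            // Browser requests are sent to the user's first available page instead of a 403.
            // NOTE(review): verify 'dashboard.redirect' is not itself guarded by a
            // permission the user may lack, otherwise this redirect can loop.
            return redirect()->route('dashboard.redirect');
        }

        return $next($request);
    }
}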