diff --git a/src/Member/Member.php b/src/Member/Member.php index ba657728414eeaa35d2fb5937ed01670da6f7c4f..5b66baef50fe3ba895fa0a2e29f9285b48e135c9 100644 --- a/src/Member/Member.php +++ b/src/Member/Member.php @@ -130,7 +130,7 @@ class Member extends Authenticatable /** * Checks if the member has a permission by its name. - *cachedPermissions + * * @param string|array $name Permission name or array of permission names. * @param bool $requireAll All permissions in the array are required. * @@ -155,7 +155,7 @@ class Member extends Authenticatable return $requireAll; } else { foreach ($this->cachedPermissions() as $permission) { - if ($permission->name == $name) { + if (str_is($name, $permission->name)) { return true; } } @@ -164,6 +164,36 @@ class Member extends Authenticatable return false; } + /** + * Checks if the member has a admin permission by its name. + * + * @param string|array $name Permission name or array of permission names. + * @param bool $requireAll All permissions in the array are required. + * + * @return bool + */ + public function hasAdminPermission($name, $requireAll = false) + { + $adminName = $name; + + if (is_array($name)) { + $adminName = array_map(function ($val) { + if (str_contains($val, '*')) { + return $val; + } + + return Permission::ADMIN_PREFIX . $val; + }, $name); + } else { + + if (! str_contains($name, '*')) { + $adminName = Permission::ADMIN_PREFIX . $name; + } + } + + return $this->hasPermission($adminName, $requireAll); + } + /** * Attach permission to current role. * diff --git a/src/Member/MemberServiceProvider.php b/src/Member/MemberServiceProvider.php index ae7892c694234e9434d43de1fad51fd1a4f7abff..144600fe44345931a0d459faa6e872a1af4852fa 100644 --- a/src/Member/MemberServiceProvider.php +++ b/src/Member/MemberServiceProvider.php 
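Review bot: In `hasPermission()` (src/Member/Member.php, hunk at -155), `str_is($name, $permission->name)` makes the requested name the pattern, so a `*` in `$name` is satisfied by any single matching permission the member holds, and this now applies to every existing caller, not only the new admin path. The docblock still describes `$name` as a plain permission name; I would change it to `@param string|array $name Permission name or str_is() pattern ('*' matches any run of characters), or an array of them.` and add a comment above the comparison stating that a wildcard check means "holds at least one match". Names passed here should come only from route or code definitions, never from request data, since a caller-supplied `*` would match anything. The function starts and ends outside this hunk, so how the array / `$requireAll` branch treats patterns cannot be seen from here.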
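Review bot: In `hasAdminPermission()` (src/Member/Member.php, hunk at -164), any name containing `*` skips `Permission::ADMIN_PREFIX`, so `hasAdminPermission('*')` or `hasAdminPermission('post.*')` reaches `hasPermission()` unprefixed and can be satisfied by a non-admin permission. If admin checks are meant to stay inside the admin namespace, the prefix should be applied whether or not the name has a wildcard, and skipped only when the name already carries it. The array and scalar branches also repeat the same rule and could share one closure, as sketched below. `Permission::ADMIN_PREFIX` is not defined in this diff, so confirm that the constant exists on the `Permission` class that Member.php resolves.

```php
public function hasAdminPermission($name, $requireAll = false)
{
    // Keep every admin check, wildcard or not, inside the admin namespace.
    $prefix = function ($val) {
        return starts_with($val, Permission::ADMIN_PREFIX)
            ? $val
            : Permission::ADMIN_PREFIX . $val;
    };

    $adminName = is_array($name) ? array_map($prefix, $name) : $prefix($name);

    return $this->hasPermission($adminName, $requireAll);
}
```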
@@ -9,8 +9,9 @@ namespace Notadd\Foundation\Member; use Illuminate\Support\ServiceProvider; -use Notadd\Foundation\Member\Commands\PermissionCommand; use Notadd\Foundation\Member\Middleware\Permission; +use Notadd\Foundation\Member\Middleware\AdminPermission; +use Notadd\Foundation\Member\Commands\PermissionCommand; /** * Class MemberServiceProvider. @@ -41,6 +42,7 @@ class MemberServiceProvider extends ServiceProvider public function registerMiddleware() { $this->app['router']->middleware('permission', Permission::class); + $this->app['router']->middleware('admin-permission', AdminPermission::class); } public function registerCommands() diff --git a/src/Member/Middleware/AdminPermission.php b/src/Member/Middleware/AdminPermission.php new file mode 100644 index 0000000000000000000000000000000000000000..2b85934ba6ac95bec4c485332f88565c8d4e2353 --- /dev/null +++ b/src/Member/Middleware/AdminPermission.php @@ -0,0 +1,39 @@ + + * @copyright (c) 2017, iBenchu.org + * @datetime 2017-02-17 17:20 + */ + +namespace Notadd\Foundation\Member\Middleware; + +use Closure; +use Illuminate\Http\Request; +use Illuminate\Http\JsonResponse; + +class AdminPermission extends Permission +{ + /** + * Handle an incoming request. + * + * @param \Illuminate\Http\Request $request + * @param Closure $next + * @param $permissions + * + * @return mixed + */ + public function handle(Request $request, Closure $next, $permissions, $guard = 'admin') + { + if ($this->auth->guard($guard)->guest() || ! $request->user($guard)->hasAdminPermission(explode('|', $permissions))) { + if ($this->wantsJson()) { + return new JsonResponse('Forbidden', 403); + } + + abort(403); + } + + return $next($request); + } +}
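Review bot: In `AdminPermission::handle()` (src/Member/Middleware/AdminPermission.php), the denial branch calls `$this->wantsJson()` on the middleware rather than on the request; unless the parent `Permission` class defines that method (not visible in this diff), the rejected request fails with an undefined-method error instead of a clean 403, so `if ($request->wantsJson()) {` looks like the intended line. The docblock leaves out the new `$guard` argument and gives `$permissions` no type; I would add `@param string $permissions Pipe-separated permission names` and `@param string $guard Auth guard to check, defaults to 'admin'`. It is also worth stating in the docblock that the exploded list is passed with `$requireAll` left at its default of false, so `a|b` means "any of", which route authors need to know when they list several admin permissions.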