tethys/app/Http/Middleware/WebAuthorizeFile.php

61 lines
1.5 KiB
PHP
Raw Permalink Normal View History

<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use App\Models\Dataset;
use App\Models\User;
use App\Models\File;
class WebAuthorizeFile
{
const DELIMITER = '|';
protected $auth;
/**
* Creates a new instance of the middleware.
*
* @param Guard $auth
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(\Illuminate\Http\Request $request, Closure $next)
{
// if ($this->auth->guest() || !$request->user()->can("Administrator")) {
// abort(403);
// }
$userId = $this->auth->user()->id;
$fileId = $request->route('id');
$file = File::with('dataset')->findOrFail($fileId);
$datasetId = $file->dataset->id;
if ($this->auth->guest() || !$this->isUserDatasetAdmin($userId, $datasetId)) {
abort(403, "You are not allowed to do this action!");
}
return $next($request);
}
private function isUserDatasetAdmin($userId, $datasetId)
{
$dataset = Dataset::with('user:id,login')->findOrFail($datasetId);
$user = User::findOrFail($userId);
if ($dataset->user->id == $user->id) { //} || $user->can("administrator")) {
return true;
} else {
return false;
}
}
}