61 lines
1.5 KiB
PHP
61 lines
1.5 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Contracts\Auth\Guard;
|
|
use App\Models\Dataset;
|
|
use App\Models\User;
|
|
use App\Models\File;
|
|
|
|
class WebAuthorizeFile
|
|
{
|
|
const DELIMITER = '|';
|
|
|
|
protected $auth;
|
|
|
|
/**
|
|
* Creates a new instance of the middleware.
|
|
*
|
|
* @param Guard $auth
|
|
*/
|
|
public function __construct(Guard $auth)
|
|
{
|
|
$this->auth = $auth;
|
|
}
|
|
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Closure $next
|
|
* @return mixed
|
|
*/
|
|
public function handle(\Illuminate\Http\Request $request, Closure $next)
|
|
{
|
|
// if ($this->auth->guest() || !$request->user()->can("Administrator")) {
|
|
// abort(403);
|
|
// }
|
|
$userId = $this->auth->user()->id;
|
|
$fileId = $request->route('id');
|
|
$file = File::with('dataset')->findOrFail($fileId);
|
|
$datasetId = $file->dataset->id;
|
|
|
|
if ($this->auth->guest() || !$this->isUserDatasetAdmin($userId, $datasetId)) {
|
|
abort(403, "You are not allowed to do this action!");
|
|
}
|
|
return $next($request);
|
|
}
|
|
|
|
private function isUserDatasetAdmin($userId, $datasetId)
|
|
{
|
|
$dataset = Dataset::with('user:id,login')->findOrFail($datasetId);
|
|
$user = User::findOrFail($userId);
|
|
if ($dataset->user->id == $user->id) { //} || $user->can("administrator")) {
|
|
return true;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
}
|