mirror of
https://gitlab.com/TheGamecraft/c-cms.git
synced 2026-04-21 18:59:09 -04:00
44 lines
1.1 KiB
PHP
44 lines
1.1 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Closure;
|
|
|
|
class CheckCoursePerm
|
|
{
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Closure $next
|
|
* @return mixed
|
|
*/
|
|
public function handle($request, Closure $next,$perm = 'see')
|
|
{
|
|
$course = \App\Course::findOrFail($request->id);
|
|
|
|
if (\Auth::user()->id == $course->user_id)
|
|
{
|
|
if ($perm == 'see' || $perm == 'edit')
|
|
{
|
|
return $next($request);
|
|
}
|
|
}
|
|
|
|
if (\Auth::user()->p('course_'.$perm.'_all') == 1)
|
|
{
|
|
return $next($request);
|
|
}
|
|
if (\Auth::user()->p('course_'.$perm) == 1)
|
|
{
|
|
return $next($request);
|
|
}
|
|
if ($perm == 'validate_plan')
|
|
{
|
|
abort(401);
|
|
}
|
|
clog('navigate','danger','L\'utilisateur n\'est pas autorisé à effectuer cette action',\Auth::user()->id);
|
|
return redirect('/admin')->with('error','Vous n\'êtes pas autorisé à effectuer cette action');
|
|
}
|
|
}
|