Add Role middleware for existing routes

8 years ago · 61c78795d4
11 changed files with 52 additions and 10 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -56,5 +56,6 @@ class Kernel extends HttpKernel
        'can'        => \Illuminate\Auth\Middleware\Authorize::class,
        'guest'      => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle'   => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'role'       => \App\Http\Middleware\Role::class,
    ];
 }
--- a/app/Http/Middleware/Role.php
+++ b/app/Http/Middleware/Role.php
@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class Role
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next, $names)
+    {
+        $nameArray = explode('|', $names);
+
+        if (auth()->check() == false) {
+            return redirect()->guest('login');
+        }
+
+        // Cek apakah grup user ada di dalam array $nameArray?
+        if (auth()->user()->hasRoles($nameArray) == false) {
+            flash()->error('Anda tidak dapat mengakses halaman '.$request->path().'.');
+            return redirect()->route('home');
+        }
+
+        return $next($request);
+    }
+}
--- a/resources/views/users/profile/show.blade.php
+++ b/resources/views/users/profile/show.blade.php
@ -10,6 +10,7 @@
                <tr><th class="col-xs-3">{{ trans('user.user_id') }}</th><td>{{ $user->id }}</td></tr>
                <tr><th>{{ trans('user.name') }}</th><td>{{ $user->name }}</td></tr>
                <tr><th>{{ trans('user.email') }}</th><td>{{ $user->email }}</td></tr>
+                <tr><th>{{ trans('user.role') }}</th><td>{!! $user->roleList() !!}</td></tr>
                <tr><th>{{ trans('user.api_token') }}</th><td><code>{{ $user->api_token }}</code></td></tr>
            </table>
            <div class="panel-footer">
--- a/routes/web/account.php
+++ b/routes/web/account.php
@ -51,17 +51,17 @@ Route::get('agency', [
 Route::get('agency/edit', [
    'as'         => 'users.agency.edit',
    'uses'       => 'Users\AgencyController@edit',
-    'middleware' => ['web', 'auth'],
+    'middleware' => ['web', 'role:admin'],
 ]);

 Route::patch('agency/update', [
    'as'         => 'users.agency.update',
    'uses'       => 'Users\AgencyController@update',
-    'middleware' => ['web', 'auth'],
+    'middleware' => ['web', 'role:admin'],
 ]);

 Route::patch('agency/logo-upload', [
    'as'         => 'users.agency.logo-upload',
    'uses'       => 'Users\AgencyController@logoUpload',
-    'middleware' => ['web', 'auth'],
+    'middleware' => ['web', 'role:admin'],
 ]);
--- a/routes/web/invoices.php
+++ b/routes/web/invoices.php
@ -1,6 +1,6 @@
 <?php

-Route::group(['middleware' => ['web', 'auth']], function () {
+Route::group(['middleware' => ['web', 'role:admin']], function () {
    /*
     * Invoice Draft Routes
     */
--- a/routes/web/payments.php
+++ b/routes/web/payments.php
@ -1,6 +1,6 @@
 <?php

-Route::group(['middleware' => ['web', 'auth']], function () {
+Route::group(['middleware' => ['web', 'role:admin']], function () {
    /**
     * Payments Routes
     */
--- a/routes/web/projects.php
+++ b/routes/web/projects.php
@ -1,6 +1,6 @@
 <?php

-Route::group(['middleware' => ['web', 'auth'], 'namespace' => 'Projects'], function () {
+Route::group(['middleware' => ['web', 'role:admin'], 'namespace' => 'Projects'], function () {
    /**
     * Projects Routes
     */
@ -60,6 +60,13 @@ Route::group(['middleware' => ['web', 'auth']], function () {
     */
    Route::get('jobs', ['as' => 'jobs.index', 'uses' => 'JobsController@index']);
    Route::get('jobs/{job}', ['as' => 'jobs.show', 'uses' => 'JobsController@show']);
+});
+
+Route::group(['middleware' => ['web', 'role:admin']], function () {
+
+    /**
+     * Job Actions Routes
+     */
    Route::get('jobs/{job}/edit', ['as' => 'jobs.edit', 'uses' => 'JobsController@edit']);
    Route::patch('jobs/{job}', ['as' => 'jobs.update', 'uses' => 'JobsController@update']);
    Route::get('jobs/{job}/delete', ['as' => 'jobs.delete', 'uses' => 'JobsController@delete']);
--- a/routes/web/references.php
+++ b/routes/web/references.php
@ -1,6 +1,6 @@
 <?php

-Route::group(['namespace' => 'References', 'middleware' => ['web', 'auth']], function () {
+Route::group(['namespace' => 'References', 'middleware' => ['web', 'role:admin']], function () {
    /**
     * Options Routes
     */
--- a/routes/web/reports.php
+++ b/routes/web/reports.php
@ -1,6 +1,6 @@
 <?php

-Route::group(['middleware' => ['web', 'auth'], 'prefix' => 'reports'], function () {
+Route::group(['middleware' => ['web', 'role:admin'], 'prefix' => 'reports'], function () {
    /**
     * Reports Routes
     */
@ -11,7 +11,7 @@ Route::group(['middleware' => ['web', 'auth'], 'prefix' => 'reports'], function
    Route::get('current-credits', ['as' => 'reports.current-credits', 'uses' => 'ReportsController@currentCredits']);

    Route::get('log-files', ['as' => 'log-files.index', 'uses' => function () {
-        if ( ! file_exists(storage_path('logs'))) {
+        if (!file_exists(storage_path('logs'))) {
            return [];
        }

--- a/routes/web/users.php
+++ b/routes/web/users.php
@ -1,6 +1,6 @@
 <?php

-Route::group(['middleware' => ['web', 'auth'], 'namespace' => 'Users'], function () {
+Route::group(['middleware' => ['web', 'role:admin'], 'namespace' => 'Users'], function () {
    /**
     * Users Routes
     */
--- a/tests/Feature/ManageJobsTest.php
+++ b/tests/Feature/ManageJobsTest.php
@ -53,6 +53,7 @@ class ManageJobsTest extends TestCase
    public function admin_can_edit_job_data()
    {
        $users = factory(User::class, 3)->create();
+        $users[0]->assignRole('admin');
        $this->actingAs($users[0]);

        $customer = factory(Customer::class)->create();