BookStack Code Mirror - bookstack/blob - app/Http/Middleware/CheckUserHasPermission.php

   1 <?php
   2
   3 namespace BookStack\Http\Middleware;
   4
   5 use BookStack\Permissions\Permission;
   6 use Closure;
   7 use Illuminate\Http\Request;
   8
   9 class CheckUserHasPermission
  10 {
  11     /**
  12      * Handle an incoming request.
  13      *
  14      * @return mixed
  15      */
  16     public function handle(Request $request, Closure $next, string|Permission $permission)
  17     {
  18         if (!user()->can($permission)) {
  19             return $this->errorResponse($request);
  20         }
  21
  22         return $next($request);
  23     }
  24
  25     protected function errorResponse(Request $request)
  26     {
  27         if ($request->wantsJson()) {
  28             return response()->json(['error' => trans('errors.permissionJson')], 403);
  29         }
  30
  31         session()->flash('error', trans('errors.permission'));
  32
  33         return redirect('/');
  34     }
  35 }