0
votes

I've created a custom roles manager for Laravel (4.2) based on the named routes e.g.:

users.index, customers.create, vendors.update, orders.store, users.edit, customers.update, etc.

Basically anything registered as a Route::resource(...); within the routes.php file (with a few custom named routes).

I'm checking the permissions with this method:

namespace Acme\Users;

...

class User extends \Eloquent implements UserInterface, RemindableInterface {

    ...

    public function hasPermissions($route)
    {
        $actions = ['users.index', 'users.create', 'users.edit', 'users.delete']; // fake data
        if ( ! in_array($route, $actions))
        {
            return false;
        }
        return true;
    }
}

Then, within the app/filters.php, I'm checking the current route against the User.

Route::filter('auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('login');
        }
    }

    // check if the current authenticated User has permissions to access this route
    if ( ! Auth::user()->hasPermissions(Route::current()->getName())) 
    {   
        return Redirect::route('dashboard.index');
    }
});

Everything is working with any route using the GET method, but when it comes to PUT, PATCH, POST or DELETE, the Route::current()->getName() doesn't return anything.

Is there a better approach? I want everything to happen automatically, and I have a solution to this issue, but it's very involved. Is there a way to get the route name during a PUT, PATCH, POST or DELETE request?

Thank you.

1
Can you add one or two of your routes as an example? - lukasgeiter
As @lukasgeiter said, we need the PUT, PATCH and so on routes. - fmgonzalez

1 Answer

1
votes

Try to put your verification code inside an after filter.

App::after(function($request, $response)
{
    if ( ! Auth::user()->hasPermissions(Route::current()->getName())) 
    {   
        return Redirect::route('dashboard.index');
    }
});
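
An added example, not part of the question or the answer: the permission decision as a standalone, default-deny function that a before filter would call, so a request is refused before the controller action runs when the route name is missing or not granted. `decideAccess()` and the sample requests are hypothetical; the permission list is the fake data from the question.

```php
<?php
// Added example: plain PHP, no framework calls.
// decideAccess() is a hypothetical helper, not a Laravel API.

/**
 * Decide whether a request may proceed, given the resolved route name
 * and the route names granted to the current user.
 */
function decideAccess($routeName, array $granted)
{
    // A route without a usable name cannot be matched to a permission:
    // refuse it instead of letting it fall through.
    if (!is_string($routeName) || $routeName === '') {
        return ['allow' => false, 'status' => 403, 'reason' => 'unnamed route'];
    }

    // Strict comparison: no type juggling between the name and the list.
    if (!in_array($routeName, $granted, true)) {
        return ['allow' => false, 'status' => 403, 'reason' => 'not granted'];
    }

    return ['allow' => true, 'status' => 200, 'reason' => 'granted'];
}

// Constructed sample data: the permission list from the question's
// hasPermissions() and a few requests, one of them with no route name.
$granted = ['users.index', 'users.create', 'users.edit', 'users.delete'];
$requests = [
    ['GET',    'users.index'],
    ['PUT',    'users.update'],
    ['DELETE', null],
    ['POST',   true], // rejected by the type check; a loose in_array() alone would accept it
];

foreach ($requests as $r) {
    list($method, $name) = $r;
    $d = decideAccess($name, $granted);
    printf("%-6s %-14s -> %s (%d, %s)\n",
        $method, var_export($name, true), $d['allow'] ? 'allow' : 'deny',
        $d['status'], $d['reason']);
}
```

In a Laravel 4.2 filter the first argument would be `Route::current()->getName()`, as in the question.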