I have a Laravel 5 application and require to implement a authorization using middleware. I have used "Entrust" (https://github.com/Zizaco/entrust) for authorization.
My issue is, how I authorize each request (users/index, users/create, users/store etc.) inside of handle method of my middleware.
I can check Auth::user()->can('create-user') but require to check with each request dynamically.
Here's my impelementation of such middleware:
class Authenticate {
public function __construct() {}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$token = \Request::header('x-auth-token');
// common login functionality
if ($token) {
$authtoken = \App\Models\Authtoken::find($token);
if ($authtoken) {
\Auth::loginUsingId($authtoken->user_id);
}
}
return $next($request);
}
}
Authtoken is a eloquent model over authtokens table. Of course you can retrieve a user id some other way.
