diff --git a/README.md b/README.md
index 40dca3a..d0dc201 100644
--- a/README.md
+++ b/README.md
@@ -252,10 +252,19 @@ if (hasRole('admin')) {
 ## Middleware Usage
+
 ```php
 Route::group(['middleware' => ['role:admin,post-create']], function () {
- // Routes protected by role and permission
+ // Routes protected by role and permissions
+});
+
+Route::group(['middleware' => ['permissions:post-create']], function () {
+ // Routes protected by permissions
 });
+
+Route::post('/create-post', [PostController::class, 'create'])->name('post.create')->middleware('role:admin,post-create');
+Route::post('/create-post', [PostController::class, 'create'])->name('post.create')->middleware('permissions:post-create');
+
 ```
 ## How to Use Permissions Expiration
diff --git a/src/Middleware/PermissionsMiddleware.php b/src/Middleware/PermissionsMiddleware.php
new file mode 100644
index 0000000..8d5bd8a
--- /dev/null
+++ b/src/Middleware/PermissionsMiddleware.php
@@ -0,0 +1,28 @@
+user()) {
+ abort(403, 'Unauthorized action.');
+ }
+
+ if (! $request->user()->hasPermissions($permissions)) {
+ abort(403, 'You do not have the required permission.');
+ }
+
+ return $next($request);
+ }
+}
diff --git a/src/Middleware/RolePermissionMiddleware.php b/src/Middleware/RolePermissionMiddleware.php
index c436827..7f39c22 100644
--- a/src/Middleware/RolePermissionMiddleware.php
+++ b/src/Middleware/RolePermissionMiddleware.php
@@ -10,8 +10,6 @@ class RolePermissionMiddleware
 {
 /**
 * Handle an incoming request.
- *
- * @param Closure(Request): (Response) $next
 */
 public function handle(Request $request, Closure $next, $role = null, $permission = null): Response
 {
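Review bot: In src/Middleware/PermissionsMiddleware.php, `hasPermissions($permissions)` is reached without any check that a permission was actually supplied, so an empty value is decided entirely by hasPermissions(), whose handling of it is not visible here. The same commit registers `permissions` as a parameterless middleware group in PermissionServiceProvider::boot(), so a route using the bare name presumably arrives at this check with only the signature's default. Fail closed before the permission check, e.g. `if (empty($permissions)) { abort(403, 'You do not have the required permission.'); }`. The class header and the handle() signature are not visible in this hunk as shown, so also confirm that comma-separated route parameters are collected as a list (a variadic `...$permissions`) rather than only the first value being checked.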
@@ -20,10 +18,10 @@ public function handle(Request $request, Closure $next, $role = null, $permissio
 }
 if (! $request->user()->hasRole($role)) {
- abort(404, 'Unauthorized action.');
+ abort(403, 'You do not have the required role.');
 }
 if ($permission !== null && ! $request->user()->hasPermissions($permission)) {
- abort(404, 'Unauthorized action.');
+ abort(403, 'You do not have the required permission.');
 }
 return $next($request);
diff --git a/src/PermissionServiceProvider.php b/src/PermissionServiceProvider.php
index e2ec0ac..1eca1a6 100644
--- a/src/PermissionServiceProvider.php
+++ b/src/PermissionServiceProvider.php
@@ -6,6 +6,7 @@ use EragPermission\Commands\UpgradeVersions;
 use EragPermission\Contracts\PermissionContract;
 use EragPermission\Contracts\RoleContract;
+use EragPermission\Middleware\PermissionsMiddleware;
 use EragPermission\Middleware\RolePermissionMiddleware;
 use EragPermission\Models\Permission;
 use EragPermission\Models\Role;
@@ -54,6 +55,9 @@ public function boot(Router $router): void
 $router->aliasMiddleware('role', RolePermissionMiddleware::class);
 $router->middlewareGroup('role', [RolePermissionMiddleware::class]);
+ $router->aliasMiddleware('permissions', PermissionsMiddleware::class);
+ $router->middlewareGroup('permissions', [PermissionsMiddleware::class]);
+
 if (Schema::hasTable('users') && Schema::hasTable('roles') && Schema::hasTable('permissions')) {
 Permission::with('roles.users')->get()->each(function ($permission) {
 Gate::define($permission->name, function ($user) use ($permission) {
diff --git a/src/Traits/HasPermissionsTrait.php b/src/Traits/HasPermissionsTrait.php
index 431d84f..37b6e51 100644
--- a/src/Traits/HasPermissionsTrait.php
+++ b/src/Traits/HasPermissionsTrait.php
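Review bot: In RolePermissionMiddleware::handle(), `$role` defaults to null but is passed straight to `hasRole($role)`, while `$permission` two lines below is null-guarded. When the middleware runs without parameters (the provider also registers `role` as a middleware group), the outcome depends on how hasRole() treats null, which is not visible here. Deny explicitly instead: `if ($role === null || ! $request->user()->hasRole($role)) {`. Separately, the two new 403 messages tell the caller which of the two checks failed, where the old code returned the same 404 text for both; if that distinction should not reach clients, use one message and log the detail server-side. The function body starts and ends outside this hunk.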
@@ -94,8 +94,6 @@ public function hasPermissions(string|array $permissions): bool
 public function hasPermissionThroughRole($permission): bool
 {
- $this->load('roles');
-
 return $this->roles->pluck('id')->intersect($permission->roles->pluck('id'))->isNotEmpty();
 }