Problem with filters and routes in Laravel

2

Hi. I'm creating an API in Laravel.

And I have a problem with the routes and filters for access. I have the levels of client, operator and administrator.

I have routes that are common for client, operator and administrator, I have routes for operator and administrator and I have routes exclusively for admin.

I tried to do the groups like this:

Route::group(array('prefix' => 'api/v1', 'before' => 'auth.basic'), function()
{
    // Common routes
    Route::resource('type', 'TypeController');
    Route::resource('state', 'StateController');
    Route::resource('solicitation', 'SolicitationController');
    Route::resource('client', 'ClientController');

    // Operator routes
    Route::group(array('before' => 'auth.operator'), function()
    {
        Route::resource('location', 'LocationController');
        Route::resource('login_desktop', 'LoginDesktopController');
    });

    // Administrator routes
    Route::group(array('before' => 'auth.administrator'), function()
    {
        Route::resource('employee', 'EmployeeController');
        Route::resource('jobtitle', 'JobTitleController');
        Route::resource('location', 'LocationController');
        Route::resource('login_desktop', 'LoginDesktopController');
    });
});

And these are the filters:

Route::filter('auth.administrator', function()
{
    $user = Auth::user();
    if ($user->permission !== 'administrator')
    {
        return Response::json(array(
            'error' => true,
            'message' => 'Você não tem permissão para acessar este serviço.'),
            403
        );
    }
});

Route::filter('auth.operator', function()
{
    $user = Auth::user();
    if ($user->permission !== 'operator')
    {
        return Response::json(array(
            'error' => true,
            'message' => 'Você não tem permissão para acessar este serviço.'),
            403
        );
    }
});

Route::filter('auth.client', function()
{
    $user = Auth::user();
    if ($user->permission !== 'client')
    {
        return Response::json(array(
            'error' => true,
            'message' => 'Você não tem permissão para acessar este serviço.'),
            403
        );
    }
});

But when I log in with an administrator-level account, the route works normally, but when accessing as an operator I get a validation error.

The error is that it enters the operator filter and then it enters the administrator filter.

I would like to know if you can validate only for operator without entering the administrator filter.

    
asked by anonymous 15.01.2015 / 22:44

1 answer

2

Try to join the routes to the same resource under a new filter, for example:

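Route::filter('auth.administrator_or_operator', function()
{
    // The authenticated user must be fetched here; it is not defined otherwise
    $user = Auth::user();
    $groups = ["administrator", "operator"];

    // Allow-list check: any permission outside the list gets a 403
    if (!in_array($user->permission, $groups)) {
        return Response::json(array(
            'error' => true,
            'message' => 'Você não tem permissão para acessar este serviço.'),
            403
        );
    }
});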

Here the routes would be:

Route::group(array('prefix' => 'api/v1', 'before' => 'auth.basic'), function()
{
    // Common routes
    Route::resource('type', 'TypeController');
    Route::resource('state', 'StateController');
    Route::resource('solicitation', 'SolicitationController');
    Route::resource('client', 'ClientController');

    // Operator routes
    Route::group(array('before' => 'auth.operator'), function()
    {
        // nothing left here
    });

    // Administrator routes
    Route::group(array('before' => 'auth.administrator'), function()
    {
        Route::resource('employee', 'EmployeeController');
        Route::resource('jobtitle', 'JobTitleController');
    });

    // Routes shared by administrator and operator; kept inside the outer group
    // so the api/v1 prefix and the auth.basic filter still apply to them
    Route::group(array('before' => 'auth.administrator_or_operator'), function()
    {
        Route::resource('location', 'LocationController');
        Route::resource('login_desktop', 'LoginDesktopController');
    });
});

This is because the routes have the same name. Another solution would be to give them different names: location-admin, location-operator ...

    
19.01.2015 / 01:12
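
An added example (not part of the question or the answer): a plain-PHP model of the question's route file that flags URIs registered under more than one filter group, the situation the answer attributes the error to. It is not Laravel's router; the function names and the rule that the last registration for a URI wins are assumptions of the model.

```php
<?php
// Simplified model of route registration (not Laravel's router): each entry is
// [URI, filters inherited from the enclosing groups], in registration order.
// The constructed list mirrors the question's route file.
$registrations = array(
    array('api/v1/type',          array('auth.basic')),
    array('api/v1/location',      array('auth.basic', 'auth.operator')),
    array('api/v1/login_desktop', array('auth.basic', 'auth.operator')),
    array('api/v1/employee',      array('auth.basic', 'auth.administrator')),
    array('api/v1/location',      array('auth.basic', 'auth.administrator')),
    array('api/v1/login_desktop', array('auth.basic', 'auth.administrator')),
);

// Assumption of this model: a later registration for the same URI replaces the
// earlier one, so only its filters guard the route.
function effectiveFilters(array $registrations)
{
    $table = array();
    foreach ($registrations as $r) {
        list($uri, $filters) = $r;
        $table[$uri] = $filters;
    }
    return $table;
}

// Audit helper: report URIs registered more than once with different filters.
function conflictingRoutes(array $registrations)
{
    $seen = array();
    foreach ($registrations as $r) {
        list($uri, $filters) = $r;
        $seen[$uri][implode(',', $filters)] = true;
    }
    $conflicts = array();
    foreach ($seen as $uri => $sets) {
        if (count($sets) > 1) {
            $conflicts[$uri] = array_keys($sets);
        }
    }
    return $conflicts;
}

$effective = effectiveFilters($registrations);
foreach (conflictingRoutes($registrations) as $uri => $sets) {
    echo $uri, ': declared with [', implode('] and [', $sets), ']; effective: ',
        implode(',', $effective[$uri]), PHP_EOL;
}
```

Each URI the script reports is a candidate for a single group with an allow-list filter such as `auth.administrator_or_operator`, so that the access rule for a resource is stated in exactly one place.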