Hi. I'm creating an API in Laravel.
And I have a problem with the routes and filters for access. I have the levels of client, operator and administrator.
I have routes that are common to client, operator and administrator, routes for operator and administrator, and routes exclusively for admin.
I tried to do the groups like this:
Route::group(array('prefix' => 'api/v1', 'before' => 'auth.basic'), function(){
    // Common routes
    Route::resource('type', 'TypeController');
    Route::resource('state', 'StateController');
    Route::resource('solicitation', 'SolicitationController');
    Route::resource('client', 'ClientController');

    // Operator routes
    Route::group(array('before' => 'auth.operator'), function()
    {
        Route::resource('location', 'LocationController');
        Route::resource('login_desktop', 'LoginDesktopController');
    });

    // Administrator routes
    Route::group(array('before' => 'auth.administrator'), function()
    {
        Route::resource('employee', 'EmployeeController');
        Route::resource('jobtitle', 'JobTitleController');
        Route::resource('location', 'LocationController');
        Route::resource('login_desktop', 'LoginDesktopController');
    });
});
And these are the filters:
Route::filter('auth.administrator', function(){
    $user = Auth::user();
    if($user->permission !== 'administrator')
    {
        return Response::json(array(
            'error' => true,
            'message' => 'Você não tem permissão para acessar este serviço.'),
            403
        );
    }
});

Route::filter('auth.operator', function(){
    $user = Auth::user();
    if($user->permission !== 'operator')
    {
        return Response::json(array(
            'error' => true,
            'message' => 'Você não tem permissão para acessar este serviço.'),
            403
        );
    }
});

Route::filter('auth.client', function(){
    $user = Auth::user();
    if($user->permission !== 'client')
    {
        return Response::json(array(
            'error' => true,
            'message' => 'Você não tem permissão para acessar este serviço.'),
            403
        );
    }
});
But when I log in with an administrator-level account, the routes work normally, but when I access them as an operator I get the validation error.
The error is that it enters the operator filter and then it enters the administrator filter.
I would like to know if you can validate only for operator without entering the administrator filter.
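
Added example, not part of the original post: one way to express the three access levels with a single allow-list filter, so that each resource is declared once and a route shared by operator and administrator names both roles. It assumes Laravel 4.x (where `Route::filter` accepts filter parameters); the filter name `auth.role` is hypothetical.

```php
<?php
// app/routes.php -- assumes Laravel 4.x, where a filter can take parameters
// ('before' => 'name:a,b') that arrive after $route and $request.

// Hypothetical filter "auth.role": the parameters are the permission values
// allowed to reach the route.
Route::filter('auth.role', function ($route, $request) {
    $allowed = array_slice(func_get_args(), 2);
    $user = Auth::user();

    // Deny by default: no authenticated user, or a permission that is not
    // on the allow-list (strict comparison, no type juggling).
    if (!$user || !in_array($user->permission, $allowed, true)) {
        return Response::json(array(
            'error'   => true,
            'message' => 'Você não tem permissão para acessar este serviço.',
        ), 403);
    }
    // Returning nothing lets the request continue to the controller.
});

Route::group(array('prefix' => 'api/v1', 'before' => 'auth.basic'), function () {
    // Common routes: any authenticated user (client, operator, administrator)
    Route::resource('type', 'TypeController');
    Route::resource('state', 'StateController');
    Route::resource('solicitation', 'SolicitationController');
    Route::resource('client', 'ClientController');

    // Operator and administrator: declared once, both roles listed
    Route::group(array('before' => 'auth.role:operator,administrator'), function () {
        Route::resource('location', 'LocationController');
        Route::resource('login_desktop', 'LoginDesktopController');
    });

    // Administrator only
    Route::group(array('before' => 'auth.role:administrator'), function () {
        Route::resource('employee', 'EmployeeController');
        Route::resource('jobtitle', 'JobTitleController');
    });
});
```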