src/app/Http/Middleware/AuthenticateReseller.php
- This file was copied from src/app/Http/Middleware/AuthenticateAdmin.php.
<?php | <?php | ||||
namespace App\Http\Middleware; | namespace App\Http\Middleware; | ||||
use Closure; | use Closure; | ||||
class AuthenticateAdmin | class AuthenticateReseller | ||||
{ | { | ||||
/** | /** | ||||
* Handle an incoming request. | * Handle an incoming request. | ||||
* | * | ||||
* @param \Illuminate\Http\Request $request | * @param \Illuminate\Http\Request $request | ||||
* @param \Closure $next | * @param \Closure $next | ||||
* @return mixed | * @return mixed | ||||
*/ | */ | ||||
public function handle($request, Closure $next) | public function handle($request, Closure $next) | ||||
{ | { | ||||
$user = auth()->user(); | $user = auth()->user(); | ||||
if (!$user) { | if (!$user) { | ||||
abort(401, "Unauthorized"); | |||||
} | |||||
if ($user->role !== "reseller") { | |||||
abort(403, "Unauthorized"); | abort(403, "Unauthorized"); | ||||
} | } | ||||
if ($user->role !== "admin") { | if ($user->tenant_id != \config('app.tenant_id')) { | ||||
abort(403, "Unauthorized"); | abort(403, "Unauthorized"); | ||||
} | } | ||||
return $next($request); | return $next($request); | ||||
} | } | ||||
} | } |
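Review bot: The tenant check in handle() compares `$user->tenant_id` with `\config('app.tenant_id')` using loose `!=`, so it fails open when the config value is missing: `null != null` and `0 != null` are both false, and a user whose tenant_id is null or 0 would then pass. Numeric strings are also compared by value under `!=`, which is looser than the `!==` used for the role check next to it. Read the config once and reject an unset value explicitly, e.g. `$tenantId = \config('app.tenant_id');` followed by `if ($tenantId === null || (string) $user->tenant_id !== (string) $tenantId) {`; the string cast assumes ids are integers or plain strings, which the page does not show. A one-line comment above the check saying that resellers are confined to the deployment's configured tenant would also help the next reader.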