
Best way to check permissions with Sentry 2 in Laravel


I'm developing a basic application core; first I'm working with users/groups and permissions access.

I chose Sentry 2 to work with, and I want to limit access to my.domain/admin to users or groups that have admin permissions.

I'm developing a filter to check if the user is an admin and if they have access (hasAccess) to a specific action, like users.index or users.custom_function.

In my routes I have:

/**
* ADMIN ROUTES
*/
Route::group(array('before' => 'sentry'), function() {
    Route::group(array('before' => 'admin'), function() {

        Route::group(array('prefix' => 'admin'), function()
        {

            Route::get('/', function()
            {
                return View::make('admin');
            });

            Route::resource('groups', 'GroupController',
                array('except' => array('show')));

            Route::resource('users', 'UserController',
                array('except' => array('show')));

            Route::get('users/{id}/groups', 'UserController@groups');
            Route::post('users/{id}/groups', 'UserController@store_groups');

            Route::get('{table}/{id}/permissions',
               'PermissionController@manage_entity');
            Route::post('{table}/{id}/permissions',
               'PermissionController@update_permissions');
        });
    });
});

The sentry filter only checks whether the user is logged in and redirects to the login page; the admin filter is:

/*
 * Sentry admin & hasAccess filter
 */
Route::filter('admin', function()
{
    $user = Sentry::getUser();

    if (!$user->hasAccess('admin')) return Redirect::to('/');

    // Ask if user hasAccess to specific action
    var_dump(Route::getCurrentRoute()->getPath());
    var_dump(Route::getCurrentRoute()->getAction());
});

I have to make another check with the actual route; in the getAction array there is an

'as' => string 'admin.users.index' (length=17)

I can use that for the Route::resource routes I define, but how do I do it for other functions like groups or permissions?

Maybe there is a better way to handle that, but I don't know it.

Thanks in advance.


Solution

  • I found the solution:

    http://laravel.com/docs/routing#named-routes

    And now I have:

    Route::get('users/{id}/groups', array('as' => 'admin.users.groups', 'uses' => 'UserController@groups'));
    Route::post('users/{id}/groups', 'UserController@store_groups');
    
    Route::get('{table}/{id}/permissions', array('as' => 'admin.permissions.manage_entity', 'uses' => 'PermissionController@manage_entity'));
    Route::post('{table}/{id}/permissions', 'PermissionController@update_permissions');
    

    And the filter looks like:

    Route::filter('admin', function()
    {
        $user = Sentry::getUser();
        $action = Route::getCurrentRoute()->getAction();
    
        if (!$user->hasAccess($action['as'])) return Redirect::to('/admin');
    });
    

    But now, every route inside that filter needs an 'as' declared or an error will pop up.

    Hope this helps others.
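
A fail-closed version of the admin filter above, as an added example that is not part of the original answer: a route with no 'as' name is refused with a 403 instead of raising an undefined-index error. adminGateDecision() and StubUser are hypothetical names, and the 'login' redirect target is an assumption.

```php
<?php
/**
 * Decide access for the current route (hypothetical helper, added example).
 * $action: array returned by Route::getCurrentRoute()->getAction()
 * $user:   the Sentry user, or null when nobody is logged in
 * Returns 'login', 'deny' or 'allow'.
 */
function adminGateDecision(array $action, $user)
{
    if ($user === null) {
        return 'login';              // not authenticated
    }
    if (!$user->hasAccess('admin')) {
        return 'deny';               // lacks the base admin permission
    }
    if (empty($action['as'])) {
        return 'deny';               // unnamed route: nothing to check, so refuse
    }
    return $user->hasAccess($action['as']) ? 'allow' : 'deny';
}

// Constructed stand-in for a Sentry user, only for running this file alone.
class StubUser
{
    private $perms;
    public function __construct(array $perms) { $this->perms = $perms; }
    public function hasAccess($p) { return in_array($p, $this->perms, true); }
}

if (class_exists('Route')) {
    // Wiring inside a Laravel 4 application.
    Route::filter('admin', function () {
        $decision = adminGateDecision(
            Route::getCurrentRoute()->getAction(),
            Sentry::getUser()
        );
        if ($decision === 'login') return Redirect::to('login'); // assumed path
        if ($decision === 'deny')  App::abort(403);
        // 'allow': return nothing so the request continues to the controller
    });
} else {
    // Stand-alone run against constructed route actions.
    $u = new StubUser(array('admin', 'admin.users.groups'));
    echo adminGateDecision(array('as' => 'admin.users.groups'), $u), "\n";
    echo adminGateDecision(array('uses' => 'UserController@store_groups'), $u), "\n";
    echo adminGateDecision(array('as' => 'admin.users.index'), $u), "\n";
    echo adminGateDecision(array('as' => 'admin.users.groups'), null), "\n";
}
```

Answering a denied request with a 403 rather than a redirect to /admin avoids a redirect loop when the /admin route itself is covered by the same filter.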