I need to check the user roles provided by spatie/laravel-permission, and i was wondering if it would be possible to create a guzzle request in the middleware that executes on every route.
for the API i am using Laravel/Passport.
suggestions for other/better methods are Welcome as well.
Is used this code for the Guzzle http request:
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Session;
class CheckPermission
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next, $requiredRoles="none")
{
$response = Http::withToken(Session::get('accessToken'))->withHeaders([
"User-Agent" => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36",
"Origin" => "http://base.fourdesign-test.nl",
'Content-Type' => "application/json",
"Access-Control-Allow-Origin" => '*'])->withOptions(['base_uri' => env('API_URL')])->get("/api/checkpermission");
if(!$response) {
die();
}
if($requiredRoles == "none" && empty($response['userRoles'])) {
return $next($request);
} else if(empty($response['userRoles'])) {
return redirect('/login');
}
$requiredRoles = explode("|", $requiredRoles);
$allowRequest = false;
foreach ($response['userRoles'] as $userRole) {
Session::put($userRole, true);
foreach ($requiredRoles as $requiredRole) {
if ($requiredRole == 'none') {
$allowRequest = true;
}
if ($requiredRole == $userRole) {
$allowRequest = true;
}
}
}
if ($allowRequest === true) {
return $next($request);
}
return redirect()->back();
}
}