Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
0.00% |
0 / 1 |
|
75.00% |
3 / 4 |
CRAP | |
91.67% |
22 / 24 |
| CheckRole | |
0.00% |
0 / 1 |
|
75.00% |
3 / 4 |
12.08 | |
91.67% |
22 / 24 |
| handle | |
0.00% |
0 / 1 |
6.17 | |
83.33% |
10 / 12 |
|||
| retrieveUserId | |
100.00% |
1 / 1 |
3 | |
100.00% |
6 / 6 |
|||
| check | |
100.00% |
1 / 1 |
2 | |
100.00% |
4 / 4 |
|||
| isSystemCall | |
100.00% |
1 / 1 |
1 | |
100.00% |
2 / 2 |
|||
| 1 | <?php |
| 2 | |
| 3 | namespace Qmp\Laravel\Acls\Middleware; |
| 4 | |
| 5 | use Illuminate\Support\Facades\Log; |
| 6 | use Qmp\Laravel\Acls\Facades\Role; |
| 7 | use Illuminate\Http\Response; |
| 8 | use Illuminate\Support\Facades\Request; |
| 9 | use Qmp\Laravel\Acls\Client\Client as AclsClient; |
| 10 | use Qmp\Laravel\Acls\Exceptions\RolePermissionException; |
| 11 | use Qmp\Laravel\Acls\Facades\Permission; |
| 12 | use Closure; |
| 13 | use Qmp\Laravel\MicroService\Client\Client as ServiceClient; |
| 14 | use \Qmp\Laravel\MicroService\Client\Tools\Request as ClientRequest; |
| 15 | |
| 16 | class CheckRole |
| 17 | { |
| 18 | const ACLS_CONTAINER = 'service_acls'; |
| 19 | |
| 20 | const SERVICE_NAME_ACLS = 'service-acls-laravel'; |
| 21 | |
| 22 | const SERVICE_NAME_API_GATEWAY = 'service-api-gateway-laravel'; |
| 23 | |
| 24 | /** |
| 25 | * @param $request |
| 26 | * @param Closure $next |
| 27 | * @param $role |
| 28 | * @return $this|mixed |
| 29 | */ |
| 30 | public function handle($request, Closure $next, $role, $all = false) |
| 31 | { |
| 32 | try { |
| 33 | if (!$this->isSystemCall($request)) { |
| 34 | if ($all !== false && $all === 'true') { |
| 35 | $all = true; |
| 36 | } |
| 37 | |
| 38 | $container = config('micro-services.name'); |
| 39 | $userId = $this->retrieveUserId($request, $container); |
| 40 | $this->check($container, $userId, $role, $all); |
| 41 | } |
| 42 | } catch(RolePermissionException $e) { |
| 43 | Log::debug('check role refused:' . var_export(['message' => $e->getMessage(), 'line' => $e->getLine(), 'file' => $e->getFile()], true)); |
| 44 | if (Request::is('api*')) { |
| 45 | return response()->json(['message' => $e->getMessage()])->setStatusCode(403); |
| 46 | } |
| 47 | |
| 48 | return response(view('errors.403'), 403); |
| 49 | } |
| 50 | |
| 51 | return $next($request); |
| 52 | } |
| 53 | |
| 54 | |
| 55 | private function retrieveUserId($request, $container) |
| 56 | { |
| 57 | $userId = $container === self::SERVICE_NAME_API_GATEWAY |
| 58 | ? $request->auth_user_id |
| 59 | : $request->header(ServiceClient::KEYWORD_HEADER_REQUEST); |
| 60 | if (!isset($userId)) { |
| 61 | throw new RolePermissionException('User is not setted !'); |
| 62 | } |
| 63 | |
| 64 | return $userId; |
| 65 | } |
| 66 | |
| 67 | private function check($container, $userId, $role, $all) |
| 68 | { |
| 69 | if ($container === self::SERVICE_NAME_ACLS) { |
| 70 | Role::needed($userId, explode('|', $role), $all); |
| 71 | } else { |
| 72 | AclsClient::role($userId, explode('|', $role), $all); |
| 73 | } |
| 74 | } |
| 75 | |
| 76 | private function isSystemCall($request) |
| 77 | { |
| 78 | $token = $request->header(ServiceClient::KEYWORD_HEADER_REQUEST_SYSTEM_CALL); |
| 79 | |
| 80 | return $token === env('TOKEN_SYSTEM_CALL', ''); |
| 81 | } |
| 82 | } |