| 
									
										
										
										
										 |  |  | <?php | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * IsAdmin.php | 
					
						
							| 
									
										
										
										
										 |  |  |  * Copyright (c) 2019 thegrumpydictator@gmail.com | 
					
						
							| 
									
										
										
										
										 |  |  |  * | 
					
						
							| 
									
										
										
										
										 |  |  |  * This file is part of Firefly III (https://github.com/firefly-iii). | 
					
						
							| 
									
										
										
										
										 |  |  |  * | 
					
						
							| 
									
										
										
										
										 |  |  |  * This program is free software: you can redistribute it and/or modify | 
					
						
							|  |  |  |  * it under the terms of the GNU Affero General Public License as | 
					
						
							|  |  |  |  * published by the Free Software Foundation, either version 3 of the | 
					
						
							|  |  |  |  * License, or (at your option) any later version. | 
					
						
							| 
									
										
										
										
										 |  |  |  * | 
					
						
							| 
									
										
										
										
										 |  |  |  * This program is distributed in the hope that it will be useful, | 
					
						
							| 
									
										
										
										
										 |  |  |  * but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
					
						
							| 
									
										
										
										
										 |  |  |  * GNU Affero General Public License for more details. | 
					
						
							| 
									
										
										
										
										 |  |  |  * | 
					
						
							| 
									
										
										
										
										 |  |  |  * You should have received a copy of the GNU Affero General Public License | 
					
						
							|  |  |  |  * along with this program.  If not, see <https://www.gnu.org/licenses/>. | 
					
						
							| 
									
										
										
										
										 |  |  |  */ | 
					
						
							| 
									
										
										
										
										 |  |  | declare(strict_types=1); | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  | namespace FireflyIII\Http\Middleware; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | use Closure; | 
					
						
							| 
									
										
										
										
										 |  |  | use FireflyIII\Repositories\User\UserRepositoryInterface; | 
					
						
							| 
									
										
										
										
										 |  |  | use FireflyIII\User; | 
					
						
							|  |  |  | use Illuminate\Http\Request; | 
					
						
							|  |  |  | use Illuminate\Support\Facades\Auth; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |  * Class IsAdmin. | 
					
						
							| 
									
										
										
										
											2016-04-03 07:07:17 +02:00
										 |  |  |  */ | 
					
						
							|  |  |  | class IsAdmin | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     /** | 
					
						
							| 
									
										
										
										
											2016-12-28 17:07:44 +01:00
										 |  |  |      * Handle an incoming request. Must be admin. | 
					
						
							| 
									
										
										
										
											2016-04-03 07:07:17 +02:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |      * @param \Illuminate\Http\Request $request | 
					
						
							|  |  |  |      * @param \Closure                 $next | 
					
						
							|  |  |  |      * @param string|null              $guard | 
					
						
							| 
									
										
										
										
											2016-04-03 07:07:17 +02:00
										 |  |  |      * | 
					
						
							|  |  |  |      * @return mixed | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function handle(Request $request, Closure $next, $guard = null) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         if (Auth::guard($guard)->guest()) { | 
					
						
							|  |  |  |             if ($request->ajax()) { | 
					
						
							|  |  |  |                 return response('Unauthorized.', 401); | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2016-05-20 17:53:03 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-07 05:51:51 +01:00
										 |  |  |             return response()->redirectTo(route('login')); | 
					
						
							| 
									
										
										
										
											2016-05-20 17:53:03 +02:00
										 |  |  |         } | 
					
						
							|  |  |  |         /** @var User $user */ | 
					
						
							| 
									
										
										
										
											2016-09-16 12:15:58 +02:00
										 |  |  |         $user = auth()->user(); | 
					
						
							| 
									
										
										
										
											2018-07-08 07:59:58 +02:00
										 |  |  |         /** @var UserRepositoryInterface $repository */ | 
					
						
							|  |  |  |         $repository = app(UserRepositoryInterface::class); | 
					
						
							|  |  |  |         if (!$repository->hasRole($user, 'owner')) { | 
					
						
							| 
									
										
										
										
											2018-03-07 05:51:51 +01:00
										 |  |  |             return response()->redirectTo(route('home')); | 
					
						
							| 
									
										
										
										
											2016-04-03 07:07:17 +02:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $next($request); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | } |