From 5d8321f6f5b089b4fe562c1944cb45e66821aac4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20R=C3=B4mulo?= Date: Fri, 25 Jun 2021 18:51:56 -0300 Subject: [PATCH] Adicionando checagem multipla de tipo nas rotas --- app/Http/Kernel.php | 2 ++ app/Http/Middleware/checkRoles.php | 39 ++++++++++++++++++++++++++++++ routes/web.php | 13 +++------- 3 files changed, 44 insertions(+), 10 deletions(-) create mode 100644 app/Http/Middleware/checkRoles.php diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index ccda74b..d689353 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -65,6 +65,8 @@ class Kernel extends HttpKernel 'isTemp' => \App\Http\Middleware\IsTemp::class, 'checkAdministrador' => \App\Http\Middleware\checkAdministrador::class, 'checkAdminResp' => \App\Http\Middleware\checkAdminResp::class, + 'checkCoordenador' => \App\Http\Middleware\checkCoordenador::class, + 'checkRoles' => \App\Http\Middleware\checkRoles::class, ]; /** diff --git a/app/Http/Middleware/checkRoles.php b/app/Http/Middleware/checkRoles.php new file mode 100644 index 0000000..dfb4a4d --- /dev/null +++ b/app/Http/Middleware/checkRoles.php @@ -0,0 +1,39 @@ +tipo == 'administrador'){ + return $next($request); + }*/ + + foreach($roles as $role){ + if($user->tipo == $role){ + return $next($request); + } + } + + return redirect('home')->with('error', 'Você não possui privilégios para acessar esta funcionalidade'); + } + +} diff --git a/routes/web.php b/routes/web.php index 72d5a9e..c00a2d8 100644 --- a/routes/web.php +++ b/routes/web.php @@ -231,16 +231,9 @@ Route::prefix('evento')->name('evento.')->group(function(){ Route::post( '/criar', 'EventoController@store' )->name('criar')->middleware('checkAdministrador'); Route::get( '/visualizar/{id}','EventoController@show' )->name('visualizar')->middleware('auth'); Route::get( '/listar', 'EventoController@listar' )->name('listar')->middleware('auth'); - - Route::delete( '/excluir/{id}', 'EventoController@destroy' )->name('deletar')->middleware('checkAdministrador'); - Route::delete( '/excluir/{id}', 'EventoController@destroy' )->name('deletar')->middleware(checkCoordenador::class); - - Route::get( '/editar/{id}', 'EventoController@edit' )->name('editar')->middleware('checkAdministrador'); - Route::get( '/editar/{id}', 'EventoController@edit' )->name('editar')->middleware(checkCoordenador::class); - - Route::post( '/editar/{id}', 'EventoController@update' )->name('update')->middleware('checkAdministrador'); - Route::post( '/editar/{id}', 'EventoController@update' )->name('update')->middleware(checkCoordenador::class); - + Route::delete( '/excluir/{id}', 'EventoController@destroy' )->name('deletar')->middleware('checkRoles:coordenador,administrador'); + Route::get( '/editar/{id}', 'EventoController@edit' )->name('editar')->middleware('checkRoles:coordenador,administrador'); + Route::post( '/editar/{id}', 'EventoController@update' )->name('update')->middleware('checkRoles:coordenador,administrador'); Route::post( '/setResumo', 'EventoController@setResumo' )->name('setResumo')->middleware('checkAdministrador'); Route::post( '/setFoto', 'EventoController@setFotoEvento' )->name('setFotoEvento')->middleware('checkAdministrador'); -- GitLab