30 lines
811 B
PHP
30 lines
811 B
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Exception;
|
|
use Illuminate\Auth\AuthenticationException;
|
|
use Laravel\Sanctum\Http\Middleware\CheckForAnyAbility;
|
|
|
|
class ApiAbility extends CheckForAnyAbility
|
|
{
|
|
public function handle($request, $next, ...$abilities)
|
|
{
|
|
try {
|
|
if ($request->user()->tokenCan('root')) {
|
|
return $next($request);
|
|
}
|
|
|
|
return parent::handle($request, $next, ...$abilities);
|
|
} catch (AuthenticationException $e) {
|
|
return response()->json([
|
|
'message' => 'Unauthenticated.',
|
|
], 401);
|
|
} catch (Exception $e) {
|
|
return response()->json([
|
|
'message' => 'Missing required permissions: '.implode(', ', $abilities),
|
|
], 403);
|
|
}
|
|
}
|
|
}
|