Merge pull request #1 from alfikiafan/afif

Middleware and Authorization
alfikiafan · Jun 9, 2023 · 0db97ff · 0db97ff
2 parents 0b36655 + 91f9b85
commit 0db97ff
Show file tree

Hide file tree

Showing 5 changed files with 1,081 additions and 2 deletions.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -40,7 +40,7 @@ class Kernel extends HttpKernel
 
         'api' => [
             // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
-            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
+            \Illuminate\Routing\Middleware\ThrottleRequests::class . ':api',
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
     ];
@@ -63,5 +63,10 @@ class Kernel extends HttpKernel
         'signed' => \App\Http\Middleware\ValidateSignature::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+
+
+        // Custom Middleware
+        'administrator' => \App\Http\Middleware\OnlyAdministrator::class,
+        'cashier' => \App\Http\Middleware\OnlyCashier::class,
     ];
 }
diff --git a/app/Http/Middleware/OnlyAdministrator.php b/app/Http/Middleware/OnlyAdministrator.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class OnlyAdministrator
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if ($request->user() && $request->user()->role !== 'administrator') {
+            abort(403);
+        }
+        return $next($request);
+    }
+}
diff --git a/app/Http/Middleware/OnlyCashier.php b/app/Http/Middleware/OnlyCashier.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class OnlyCashier
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if ($request->user() && $request->user()->role !== 'cashier') {
+            abort(403);
+        }
+        return $next($request);
+    }
+}
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -2,6 +2,7 @@
 
 namespace App\Providers;
 
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\ServiceProvider;
 
 class AppServiceProvider extends ServiceProvider
@@ -19,6 +20,12 @@ public function register(): void
      */
     public function boot(): void
     {
-        //
+        Gate::define('admin', function ($user) {
+            return $user->role === 'administrator';
+        });
+
+        Gate::define('cashier', function ($user) {
+            return $user->role === 'cashier';
+        });
     }
 }