Update middleware to handle wildcards correctly.

DaneEveritt · DaneEveritt · commit b1a9a597070b · 2016-10-20T18:35:55.000-04:00
diff --git a/app/Http/Middleware/APISecretToken.php b/app/Http/Middleware/APISecretToken.php
@@ -93,13 +93,18 @@ public function authenticate(Request $request, Route $route)
                 }
             }
 
-            $permission = APIPermission::where('key_id', $key->id)
-                            ->where('permission', $request->route()->getName())
-                            ->orWhere('permission', '*')
-                            ->first();
-            if (!$permission) {
-                APILogService::log($request, 'You do not have permission to access this resource.');
-                throw new AccessDeniedHttpException('You do not have permission to access this resource.');
+            $permission = APIPermission::where('key_id', $key->id)->where('permission', $request->route()->getName());
+
+            // Suport Wildcards
+            if (starts_with($request->route()->getName(), 'api.user')) {
+                $permission->orWhere('permission', 'api.user.*');
+            } else if(starts_with($request->route()->getName(), 'api.admin')) {
+                $permission->orWhere('permission', 'api.admin.*');
+            }
+
+            if (!$permission->first()) {
+                APILogService::log($request, 'You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
+                throw new AccessDeniedHttpException('You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -93,13 +93,18 @@ public function authenticate(Request $request, Route $route)`
`93`	`93`	`}`
`94`	`94`	`}`
`95`	`95`
`96`		`- $permission = APIPermission::where('key_id', $key->id)`
`97`		`- ->where('permission', $request->route()->getName())`
`98`		`- ->orWhere('permission', '*')`
`99`		`- ->first();`
`100`		`- if (!$permission) {`
`101`		`- APILogService::log($request, 'You do not have permission to access this resource.');`
`102`		`- throw new AccessDeniedHttpException('You do not have permission to access this resource.');`
	`96`	`+ $permission = APIPermission::where('key_id', $key->id)->where('permission', $request->route()->getName());`
	`97`	`+`
	`98`	`+ // Suport Wildcards`
	`99`	`+ if (starts_with($request->route()->getName(), 'api.user')) {`
	`100`	`+ $permission->orWhere('permission', 'api.user.*');`
	`101`	`+ } else if(starts_with($request->route()->getName(), 'api.admin')) {`
	`102`	`+ $permission->orWhere('permission', 'api.admin.*');`
	`103`	`+ }`
	`104`	`+`
	`105`	`+ if (!$permission->first()) {`
	`106`	`+ APILogService::log($request, 'You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');`
	`107`	`+ throw new AccessDeniedHttpException('You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');`
`103`	`108`	`}`
`104`	`109`	`}`
`105`	`110`