2018-01-18 21:36:15 -06:00
|
|
|
<?php
|
|
|
|
|
|
2024-03-12 22:39:16 -04:00
|
|
|
namespace App\Http\Middleware\Api\Application;
|
2018-01-18 21:36:15 -06:00
|
|
|
|
2025-09-08 13:12:33 -04:00
|
|
|
use App\Models\User;
|
2025-09-24 13:34:19 +02:00
|
|
|
use Closure;
|
2018-01-18 21:36:15 -06:00
|
|
|
use Illuminate\Http\Request;
|
|
|
|
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|
|
|
|
|
2018-02-25 15:30:56 -06:00
|
|
|
class AuthenticateApplicationUser
|
2018-01-18 21:36:15 -06:00
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Authenticate that the currently authenticated user is an administrator
|
2018-05-13 10:50:56 -04:00
|
|
|
* and should be allowed to proceed through the application API.
|
2018-01-18 21:36:15 -06:00
|
|
|
*/
|
2025-09-08 13:12:33 -04:00
|
|
|
public function handle(Request $request, Closure $next): mixed
|
2018-01-18 21:36:15 -06:00
|
|
|
{
|
2025-09-08 13:12:33 -04:00
|
|
|
/** @var User|null $user */
|
2022-05-22 19:03:51 -04:00
|
|
|
$user = $request->user();
|
2025-10-07 23:41:28 +02:00
|
|
|
if (!$user || !$user->isAdmin()) {
|
2018-02-24 12:27:41 -06:00
|
|
|
throw new AccessDeniedHttpException('This account does not have permission to access the API.');
|
2018-01-18 21:36:15 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $next($request);
|
|
|
|
|
}
|
|
|
|
|
}
|
