Authorize all admin routes/paths

Submitted by somadden - 5 years ago

Catch all routes and paths using the auth filter. A route validation method is added to the Users model called hasAccess($route) and returns true if the user has that route. If the user doesn't have the route the error message will inform of what access they are missing.

Route::filter('auth', function()
{
    if(Auth::guest()) return Redirect::guest('login');
  
    $sRoute = Route::currentRouteName() ?: Route::current()->getPath();
  
    if(!Auth::user()->hasAccess($sRoute)) {
        Log::alert('Failed access by "' . Auth::user()->id . '" to "' .$sRoute . '"' );
        App::abort(401, 'Missing permission to access : ' . $sRoute);
    }
});