-
Notifications
You must be signed in to change notification settings - Fork 3
User Permissions
Zane Hooper edited this page Apr 5, 2017
·
4 revisions
The ApiAuthService has useful methods for determining the currently authenticated user.
$this->auth->only([
'admin',
'integration',
]);Will error if the user is not an Admin or Integration (e.g. client, install, no authentication).
$checkPerms = function () {
if (!$this->permission->has('system.integrations.read')) {
abort(403, 'You do not have access to Integrations');
}
};
$this->auth->only([
'admin' => $checkPerms,
'integration' => $checkPerms,
'client' => function ($clientId) {
// Only run if the authenticated user is a Client.
// The Client's ID is stored in $clientId.
},
'none' => function () {
// Only run if the user is unauthenticated.
},
]);The closure callback is optional and you can combine with and without callback in the same call:
$this->auth->only([
'admin', // admins have access and no callback is run
'integration' => $checkPerms, // integrations have access, $checkPerms is run
// Other users (clients, installs, unauthenticated users) do not have access (403 thrown).
]);