I have a REST API where a lot of routes will be prefixed by /org/{id}. This prefix will scope the nested data and also the user will need to be checked if they are a member of the org. Would middleware be the best place to run these checks and also initialise an orgcontext class that can be accessed throughout the rest of the request?
Are users typically members of more than one org? – ceejayoz, Jan 1, 2017 at 1:35
@ceejayoz Yes. There is functionality in the front end to change which org you are working in. It is an Angular SPA and I am using session storage to store the current org id so the user can work in different orgs in different tabs. – the-a-train, Jan 1, 2017 at 11:02
1 Answer
A middleware is probably the perfect place to do those checks:
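    <?php
    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Session;
    use App\Repositories\Eloquent\UserRepository;

    class CanAccessOrg
    {
        private $userRepository;

        // Laravel resolves middleware dependencies through the constructor;
        // extra handle() arguments are middleware parameters, not injected services.
        public function __construct(UserRepository $userRepository)
        {
            $this->userRepository = $userRepository;
        }

        public function handle($request, Closure $next)
        {
            // Not a member of the org held in the session: log out and redirect to login.
            if (! $this->userRepository->currentUserCanAccessOrg(Session::get('org'))) {
                Auth::logout();
                return redirect()->route('login')->withErrors(['msg' => 'You dont have access to this org']);
            }
            return $next($request);
        }
    }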
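For the setup in the question, where the org id is in the URL (/org/{id}) and the front end only remembers it in browser session storage, the membership check has to use the route parameter on every request. The following is an added example, not code from the answer or from Laravel itself: `EnsureOrgMember`, `OrgContext`, the `orgs()` relationship on the User model and the `orgContext` attribute name are all assumptions, and it targets PHP 8.1+.

```php
<?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

// Hypothetical per-request value object. In an application it would live in
// its own file so the autoloader can find it from controllers.
final class OrgContext
{
    public function __construct(
        public readonly int $orgId,
        public readonly int $userId
    ) {
    }
}

// Attach to the route group, e.g. Route::prefix('org/{id}')->middleware(['auth', EnsureOrgMember::class]).
class EnsureOrgMember
{
    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();
        if ($user === null) {
            abort(401); // unauthenticated: the auth middleware should normally catch this first
        }

        // The org id is taken from the URL being requested, not from any
        // value the client stores and could change on its own.
        $orgId = $request->route('id');
        if (! is_string($orgId) || ! ctype_digit($orgId)) {
            abort(404); // malformed id never reaches the database
        }

        // orgs() is an assumed belongsToMany relationship: User <-> Org.
        $isMember = $user->orgs()->whereKey((int) $orgId)->exists();
        if (! $isMember) {
            abort(403); // authenticated, but not a member of this org
        }

        // Store the verified context on the request itself so it cannot
        // outlive the request or leak into routes without this middleware.
        $request->attributes->set(
            'orgContext',
            new OrgContext((int) $orgId, (int) $user->getAuthIdentifier())
        );

        return $next($request);
    }
}
```

Controllers then read `$request->attributes->get('orgContext')` and scope every nested query by its `orgId`, rather than re-reading the id from the URL or request body.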