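client_repository = $client_repository; $this->auth_service = $auth_service; }

    /**
     * Handle an incoming request.
     *
     * Authorization gate: lets the request continue only when the client
     * named by the request exists and the current user is allowed to edit
     * it. Every other outcome, including any Exception raised while
     * resolving the client or the user, is logged and answered with a
     * generic JSON error, so the caller cannot tell a missing client from
     * one it is not allowed to edit.
     *
     * NOTE(review): the downstream handler should resolve the client from
     * the same parameter, in the same lookup order, as this method, so that
     * the client that was authorized is the one that gets modified. Verify
     * this for each route the middleware is attached to.
     *
     * NOTE(review): the denial is reported as HTTP 400. 403 is the
     * conventional status for an authorization failure; the code is left
     * unchanged because existing API consumers may depend on it.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard  Accepted for signature compatibility; not read here.
     * @return mixed  The downstream response, or a 400 JSON error response on denial.
     */
    public function handle($request, Closure $next, $guard = null)
    {
        try {
            $route = Route::getCurrentRoute();

            // Lookup order: route parameter 'id', then route parameter
            // 'client_id', then the 'client_id' request input.
            $client_id = $route->parameter('id');
            if (is_null($client_id)) {
                $client_id = $route->parameter('client_id');
            }
            if (is_null($client_id)) {
                $client_id = Input::get('client_id', null);
            }

            $client = $this->client_repository->getClientByIdentifier($client_id);
            $user   = $this->auth_service->getCurrentUser();

            // Fail closed when there is no current user instead of handing
            // null to candEdit(): a type error raised there would not be an
            // Exception on PHP 7+ and would escape the catch below.
            // Presumably getCurrentUser() returns null for an unauthenticated
            // request; confirm against the auth service.
            // NOTE(review): `candEdit` is the method name as called here; the
            // client class is not visible from this file, so it is kept as is.
            if (is_null($client) || is_null($user) || !$client->candEdit($user)) {
                throw new Exception('invalid client id for current user');
            }
        } catch (Exception $ex) {
            // Full detail goes to the log only; the response body stays generic.
            Log::error($ex);
            return Response::json(array('error' => 'operation not allowed.'), 400);
        }

        return $next($request);
    }
}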