<?php
/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/
// Application-wide "before" hook. The closure is handed the request object;
// its body is empty, so no work is done ahead of routing.
App::before(function ($request) {
    // Intentionally left empty.
});
// Application-wide "after" hook. The closure is handed the request and the
// response; its body is empty, so the response is not modified here.
App::after(function ($request, $response) {
    // Intentionally left empty.
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
// "auth" filter: a visitor without a Sentry-authenticated session is
// redirected to the named "login" route. When the check passes the closure
// returns nothing, so the filter does not produce a response of its own.
Route::filter('auth', function () {
    $isLoggedIn = Sentry::check();

    if ($isLoggedIn) {
        return;
    }

    return Redirect::route('login');
});
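/*
 * "inGroup" filter: allows the request when the logged-in user belongs to the
 * group named by the filter argument, or when the "users" route parameter
 * identifies the user's own account.
 *
 * $route   - the matched route; its "users" parameter is read as the target
 *            account id.
 * $request - the current request (unused here).
 * $value   - the name of the group passed as the filter argument.
 *
 * Redirects to "login" when there is no Sentry session or when the user or the
 * group cannot be found, and to "home" with a flashed error when access is
 * refused.
 */
Route::filter('inGroup', function ($route, $request, $value) {
    if (!Sentry::check()) {
        return Redirect::route('login');
    }

    // A non-admin user may still reach routes that target their own account.
    $userId = $route->getParameter('users');

    try {
        $user = Sentry::getUser();
        $group = Sentry::findGroupByName($value);

        // The own-account exemption is an authorization decision, so it must
        // not rest on PHP's loose comparison: with `!=`, a missing route
        // parameter and a missing session key compare equal (null == null),
        // and numeric-looking strings are juggled to numbers. Both ids have to
        // be present scalars and match exactly as strings.
        // NOTE(review): the 'userId' session key is written elsewhere; confirm
        // it always holds the id of the user Sentry has authenticated.
        $sessionUserId = Session::get('userId');
        $isOwnAccount = is_scalar($userId)
            && is_scalar($sessionUserId)
            && (string) $userId === (string) $sessionUserId;

        if (!$isOwnAccount && !$user->inGroup($group)) {
            Session::flash('error', trans('users.noaccess'));

            return Redirect::route('home');
        }
    } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
        Session::flash('error', trans('users.notfound'));

        return Redirect::route('login');
    } catch (Cartalyst\Sentry\Groups\GroupNotFoundException $e) {
        Session::flash('error', trans('groups.notfound'));

        return Redirect::route('login');
    }
});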
// thanks to http://laravelsnippets.com/snippets/sentry-route-filters
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
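// "guest" filter: a visitor who is already logged in is redirected to "/".
// The login state is read from Sentry, the same source the "auth" and
// "inGroup" filters in this file use; the framework's own Auth guard is a
// separate login state and would not reflect a Sentry session.
// NOTE(review): confirm no route relies on the Auth guard for this check.
Route::filter('guest', function () {
    if (Sentry::check()) {
        return Redirect::to('/');
    }
});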
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
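// "csrf" filter: throws TokenMismatchException unless the "_token" request
// field matches the token stored in the session.
//
// The comparison is type-strict on purpose. Input::get() can return a value
// that is not a string (for example from a JSON body or array-style field),
// and a loose `!=` would let PHP's type juggling treat such a value as equal
// to the session token. Both sides must be non-empty strings, and the match is
// done in constant time when hash_equals() is available.
Route::filter('csrf', function () {
    $expected = Session::token();
    $submitted = Input::get('_token');

    $tokensMatch = is_string($expected)
        && is_string($submitted)
        && $expected !== ''
        && (function_exists('hash_equals')
            ? hash_equals($expected, $submitted)
            : $expected === $submitted);

    if (!$tokensMatch) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});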