diff --git a/app/Http/Middleware/RequireRole.php b/app/Http/Middleware/RequireRole.php
index 93e77282e..0159ad6d0 100644
--- a/app/Http/Middleware/RequireRole.php
+++ b/app/Http/Middleware/RequireRole.php
@@ -16,13 +16,24 @@ class RequireRole
 */
 public function handle($request, Closure $next, $role)
 {
+ $confirmed = false;
+ $ranking = array([
+ 'None' => 0,
+ 'Guest' => 1,
+ 'User' => 2,
+ 'Admin' => 3,
+ ]);
 $check = DB::table('user_roles')->where('character_id', auth()->user()->character_id)->get(['role']);
- printf($check);
- printf($role);
- if($check === $role) {
- $confirmed = true;
- } else {
- $confirmed = false;
+ foreach($ranking as $rank => $value) {
+ if($role === $check['role']) {
+ $confirmed = true;
+ break;
+ } else {
+ if($rank[$check['role']] > $rank[$check['role']]) {
+ $confirmed = true;
+ break;
+ }
+ }
 }
 abort_unless(auth()->check() && $confirmed, 403, "You don't have permissions to access this area!");
diff --git a/app/User.php b/app/User.php
index 3df551f82..d6fb97e03 100644
--- a/app/User.php
+++ b/app/User.php
@@ -46,16 +46,15 @@ class User extends Authenticatable
 protected $guarded = [];
 //Used in middleware to make sure a user is able to access many of the pages
- public function hasRole($role)
- {
- $check = User::role()->get(['role']);
- //dd($check);
- if($check == $role) {
- return true;
- } else {
- return false;
- }
- }
+ //public function hasRole($role)
+ //{
+ // $check = User::role()->get(['role']);
+ // if($check == $role) {
+ // return true;
+ // } else {
+ // return false;
+ // }
+ //}
 public function getUserType() {
 return User::where('user_type')->get();
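Review bot: The new role check in `RequireRole::handle()` cannot grant access on a correct role: `array([...])` wraps the ranking map in an outer one-element array, `->get(['role'])` returns a collection of rows so `$check['role']` is not the user's role string, and `$rank[$check['role']] > $rank[$check['role']]` compares a value with itself. The intent appears to be a hierarchy check, i.e. the user's rank must be at least the required rank, with role names missing from the map denied. Separately, the unchanged `$check = ...` line dereferences `auth()->user()->character_id` before `auth()->check()` is tested, so an unauthenticated request presumably raises an error instead of receiving the 403. A sketch follows; `handle()` starts above the hunk and continues past it.

```php
public function handle($request, Closure $next, $role)
{
    // Higher number = more privilege; a role missing from this map never passes.
    $ranking = [
        'None' => 0,
        'Guest' => 1,
        'User' => 2,
        'Admin' => 3,
    ];

    // Reject unauthenticated requests before touching auth()->user().
    abort_unless(auth()->check(), 403, "You don't have permissions to access this area!");

    // value() yields the single role string, or null when the user has no row.
    $userRole = DB::table('user_roles')
        ->where('character_id', auth()->user()->character_id)
        ->value('role');

    // Fail closed: both the required and the stored role must be known names.
    $confirmed = is_string($userRole)
        && isset($ranking[$role], $ranking[$userRole])
        && $ranking[$userRole] >= $ranking[$role];

    abort_unless($confirmed, 403, "You don't have permissions to access this area!");
    // … unchanged: rest of handle() below the hunk …
```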
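Review bot: In `app/User.php`, `hasRole()` is commented out rather than removed, which leaves a dead authorization helper in the model that still shows a loose `==` comparison between a query result and a role name. Deleting the nine `//` lines keeps the history in version control and avoids someone re-enabling a check that appears never to have matched; if a pointer is wanted, a single line such as `// Role checks are enforced by the RequireRole middleware` is enough. Any remaining callers of `hasRole()` outside this diff would need updating; none are visible here.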