2018-01-19 03:36:15 +00:00
|
|
|
<?php
|
|
|
|
|
|
2018-01-20 01:58:57 +00:00
|
|
|
namespace Pterodactyl\Http\Middleware\Api\Application;
|
2018-01-19 03:36:15 +00:00
|
|
|
|
|
|
|
|
use Closure;
|
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|
|
|
|
|
2018-02-25 21:30:56 +00:00
|
|
|
class AuthenticateApplicationUser
|
2018-01-19 03:36:15 +00:00
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Authenticate that the currently authenticated user is an administrator
|
2018-05-13 14:50:56 +00:00
|
|
|
* and should be allowed to proceed through the application API.
|
2018-01-19 03:36:15 +00:00
|
|
|
*
|
|
|
|
|
* @param \Illuminate\Http\Request $request
|
2019-09-06 04:32:57 +00:00
|
|
|
* @param \Closure $next
|
2018-01-19 03:36:15 +00:00
|
|
|
* @return mixed
|
|
|
|
|
*/
|
|
|
|
|
public function handle(Request $request, Closure $next)
|
|
|
|
|
{
|
|
|
|
|
if (is_null($request->user()) || ! $request->user()->root_admin) {
|
2018-02-24 18:27:41 +00:00
|
|
|
throw new AccessDeniedHttpException('This account does not have permission to access the API.');
|
2018-01-19 03:36:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $next($request);
|
|
|
|
|
}
|
|
|
|
|
}
|
