<?php namespace App\Http\Middleware; use Closure; use Illuminate\Http\Request; class Permission { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse */ public function handle(Request $request, Closure $next, $permission) { // if user.role is admin, allow if ($request->user()->role == 'admin') { return $next($request); } if (auth()->user()->hasPermission($permission)) { return $next($request); } abort(403, "You need \"$permission\" permission"); } }