I have implemented Entrust Roles for ACL layer. Now I'm planning to automate the permission check for each request so that, each time I don't have to write the permission

Well, I found the answer, and to some extent I have made automated permission testing. I have created a function in the Authenticate.php middleware:

    // Build a permission name of the form "<action>_<resource>" from the
    // HTTP method and the URI segments, e.g. GET /role/5/edit -> "edit_role".
    public function autocheckroles($request)
    {
        $perms = '';
        // First URI segment is the resource name
        $delimiter = '_'.$request->segment(1);

        if ($request->isMethod('GET')) {
            if (is_numeric($request->segment(2)) && is_null($request->segment(3))) {
                // GET /resource/{id}
                $perms = 'show'.$delimiter;
            } elseif ($request->segment(3) == 'edit' && is_numeric($request->segment(2))) {
                // GET /resource/{id}/edit
                $perms = 'edit'.$delimiter;
            } elseif ($request->segment(2) == 'create') {
                // GET /resource/create
                $perms = 'create'.$delimiter;
            } elseif (is_null($request->segment(2)) && is_null($request->segment(3)) &&
                ! is_null($request->segment(1))) {
                // GET /resource
                $perms = 'view'.$delimiter;
            }
        } elseif ($request->isMethod('POST')) {
            if ($request->segment(1)) {
                $perms = 'create'.$delimiter;
            }
        } elseif ($request->isMethod('DELETE')) {
            $perms = 'delete'.$delimiter;
        } elseif ($request->isMethod('PUT') || $request->isMethod('PATCH')) {
            if ($request->segment(1)) {
                $perms = 'edit'.$delimiter;
            }
        }

        // Empty string when no branch matched
        return $perms;
    }

This returns the permission based on the request method, e.g. create_perm OR create_role OR edit_role. This way, I don't have to write each and every permission in the middleware. It will check automatically based on the request.

    // Check for the user role and automate the role permission
    // (RedirectResponse needs "use Illuminate\Http\RedirectResponse;" at the top of the file)
    $perform_action = $this->autocheckroles($request);

    // Super Admin with id number 1 doesn't require any permission
    if ((\Auth::user()->id == '1') || \Auth::user()->can($perform_action)) {
        return $next($request);
    } else {
        \Session::flash('flash_message', 'You are not authorized for this page.');
        return new RedirectResponse(url('/home'));
    }

This way, if the user is not authorized, he will be redirected to the Dashboard (home) page, and the super user won't face any such authentication, so he is excluded.
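
A deny-by-default variant of the mapping above, as an added example that is not the answer author's code: it returns null instead of an empty or partial permission string when no rule matches, so the middleware can refuse the request before calling `can()`. The function name `resolvePermission`, the resource-name pattern and the sample paths are assumptions, and the rules assume Laravel's standard resource-route shapes, which makes them stricter than the original branches.

```php
<?php
// Added example, not the answer's code. Assumes Laravel resource-route shapes.
function resolvePermission(string $method, array $segments): ?string
{
    $resource = $segments[0] ?? null;
    // Only plain resource names may be glued into a permission string.
    if ($resource === null || !preg_match('/^[a-z][a-z0-9_]*$/', $resource)) {
        return null;
    }
    $count = count($segments);
    // ctype_digit() is stricter than is_numeric(), which also accepts "1e3" or "1.5".
    $hasId = $count >= 2 && ctype_digit($segments[1]);
    $action = null;
    switch (strtoupper($method)) {
        case 'GET':
            if ($count === 1) {
                $action = 'view';
            } elseif ($count === 2 && $segments[1] === 'create') {
                $action = 'create';
            } elseif ($count === 2 && $hasId) {
                $action = 'show';
            } elseif ($count === 3 && $hasId && $segments[2] === 'edit') {
                $action = 'edit';
            }
            break;
        case 'POST':
            $action = $count === 1 ? 'create' : null;
            break;
        case 'PUT':
        case 'PATCH':
            $action = ($count === 2 && $hasId) ? 'edit' : null;
            break;
        case 'DELETE':
            $action = ($count === 2 && $hasId) ? 'delete' : null;
            break;
    }
    // null means "no rule matched": the caller must deny rather than call can('').
    return $action === null ? null : $action . '_' . $resource;
}

// Constructed sample requests: [method, path]
$samples = [['GET', 'role'], ['GET', 'role/7/edit'], ['PUT', 'role/7'],
            ['DELETE', 'role'], ['GET', 'role/7/audit'], ['OPTIONS', 'role']];
foreach ($samples as [$method, $path]) {
    $perm = resolvePermission($method, explode('/', $path));
    printf("%-7s /%-13s => %s\n", $method, $path, $perm ?? 'DENY (no rule)');
}
```

In the middleware, a null result would take the same redirect branch as a failed `can()` check.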