Merge pull request #87 from andrex47/master

mariovalney · web-flow · commit e9cc3a647315 · 2022-11-01T17:59:12.000-03:00
new keycloak can one middleware
diff --git a/src/KeycloakWebGuardServiceProvider.php b/src/KeycloakWebGuardServiceProvider.php
@@ -13,6 +13,7 @@
 use Vizir\KeycloakWebGuard\Auth\KeycloakWebUserProvider;
 use Vizir\KeycloakWebGuard\Middleware\KeycloakAuthenticated;
 use Vizir\KeycloakWebGuard\Middleware\KeycloakCan;
+use Vizir\KeycloakWebGuard\Middleware\KeycloakCanOne;
 use Vizir\KeycloakWebGuard\Models\KeycloakUser;
 use Vizir\KeycloakWebGuard\Services\KeycloakService;
 
@@ -72,6 +73,9 @@ public function register()
         // Add Middleware "keycloak-web-can"
         $this->app['router']->aliasMiddleware('keycloak-web-can', KeycloakCan::class);
 
+        // Add Middleware "keycloak-web-can-one
+        $this->app['router']->aliasMiddleware('keycloak-web-can-one', KeycloakCanOne::class);
+
         // Bind for client data
         $this->app->when(KeycloakService::class)->needs(ClientInterface::class)->give(function() {
             return new Client(Config::get('keycloak-web.guzzle_options', []));
diff --git a/src/Middleware/KeycloakCanOne.php b/src/Middleware/KeycloakCanOne.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace Vizir\KeycloakWebGuard\Middleware;
+
+use Closure;
+use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Support\Facades\Auth;
+use Vizir\KeycloakWebGuard\Exceptions\KeycloakCanException;
+
+class KeycloakCanOne extends KeycloakAuthenticated
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @param  string|null  $guard
+     * @return mixed
+     */
+    public function handle($request, Closure $next, ...$guards)
+    {
+        if (empty($guards) && Auth::check()) {
+            return $next($request);
+        }
+
+        $guards = explode('|', ($guards[0] ?? ''));
+        foreach ($guards as $guard) {
+            if (Auth::hasRole($guard)) {
+                return $next($request);
+            }
+        }
+
+        throw new AuthorizationException('Forbidden', 403);
+    }
+}
