<?php
declare(strict_types=1);
namespace App\Middleware;
use App\Core\{Request, Response};
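final class RoleMiddleware
{
    /**
     * Let the request through only when the authenticated user's role is one of
     * the roles this middleware was configured with.
     *
     * Fails closed: no user on the request yields 401; a user whose role is
     * absent or not in the allow-list yields 403; an empty allow-list denies
     * everyone, since nothing can match it.
     *
     * @param Request  $request  The incoming request. Its `user` property is
     *                           expected to have been populated (as an object)
     *                           by AuthMiddleware — see the note below.
     * @param callable $next     The next handler in the pipeline.
     * @param string   ...$roles Role names that are permitted to proceed.
     * @return mixed The result of `$next($request)` on success, or `null` after
     *               an error response has been emitted via Response::error().
     */
    public function handle(Request $request, callable $next, string ...$roles): mixed
    {
        $user = $request->user ?? null;

        if (!$user) {
            Response::error('يجب تسجيل الدخول للوصول إلى هذا المورد', 'UNAUTHORIZED', 401);
            // Explicit return so $next never runs even if Response::error()
            // does not terminate the script (cannot tell from here).
            return null;
        }

        // $user->role is an object property because AuthMiddleware casts the
        // user to an object. `??` avoids a warning if the property is missing;
        // a null role can never match a string below, so it is simply denied.
        $role = $user->role ?? null;

        // Strict comparison is mandatory here: a loose in_array() treats a
        // boolean `true` role as matching any non-empty string, and compares
        // numeric strings numerically ('1' == '01'), either of which could
        // grant a role the user does not actually hold.
        if (!in_array($role, $roles, true)) {
            Response::error('غير مسموح لك بالقيام بهذا الإجراء', 'FORBIDDEN', 403);
            return null;
        }

        return $next($request);
    }
}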