Нема описа

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235
  1. <?php
  2. /*
  3. |--------------------------------------------------------------------------
  4. | Application & Route Filters
  5. |--------------------------------------------------------------------------
  6. |
  7. | Below you will find the "before" and "after" events for the application
  8. | which may be used to do any work before or after a request into your
  9. | application. Here you may also register your custom route filters.
  10. |
  11. */
  12. App::before(function($request)
  13. {
  14. Log::debug('START '.Request::getClientIp().': '.Request::method().' '.Request::path());
  15. if( ! Request::secure())
  16. {
  17. return Redirect::secure(Request::path());
  18. }
  19. });
  20. App::after(function($request, $response)
  21. {
  22. //
  23. });
  24. /*
  25. |--------------------------------------------------------------------------
  26. | Authentication Filters
  27. |--------------------------------------------------------------------------
  28. |
  29. | The following filters are used to verify that the user of the current
  30. | session is logged into this application. The "basic" filter easily
  31. | integrates HTTP Basic authentication for quick, simple checking.
  32. |
  33. */
  34. Route::filter('auth', function()
  35. {
  36. if (Auth::guest())
  37. {
  38. if (Request::ajax())
  39. {
  40. return Response::make('Unauthorized', 401);
  41. }
  42. else
  43. {
  44. return Redirect::guest('/');
  45. }
  46. }
  47. });
  48. Route::filter('auth.basic', function()
  49. {
  50. return Auth::basic();
  51. });
  52. Route::filter('has_access', function()
  53. {
  54. if(!Auth::user()->has_access)
  55. {
  56. Session::flash('status', 'info');
  57. Session::flash('message', 'At this time, access to OLAS is limited to some users. Check back later or contact an administrator.');
  58. Auth::logout();
  59. return Redirect::action('AuthController@showLogin');
  60. }
  61. });
  62. /*
  63. |--------------------------------------------------------------------------
  64. | Guest Filter
  65. |--------------------------------------------------------------------------
  66. |
  67. | The "guest" filter is the counterpart of the authentication filters as
  68. | it simply checks that the current user is not logged in. A redirect
  69. | response will be issued if they are, which you may freely change.
  70. |
  71. */
  72. Route::filter('guest', function()
  73. {
  74. if (Auth::check())
  75. {
  76. switch (Auth::user()->role) {
  77. case 1:
  78. return Redirect::to('administrator');
  79. break;
  80. case 2:
  81. return Redirect::to('school-coordinator');
  82. break;
  83. case 3:
  84. return Redirect::to('program-coordinator');
  85. break;
  86. case 4:
  87. return Redirect::to('professor');
  88. break;
  89. }
  90. }
  91. });
  92. /*
  93. |--------------------------------------------------------------------------
  94. | Administrator Filter
  95. |--------------------------------------------------------------------------
  96. |
  97. | This filter redirects logged in users except administrators to their
  98. | default page if they try to access a forbidden page.
  99. |
  100. */
  101. Route::filter('admin', function()
  102. {
  103. if (Auth::user()->role !=1)
  104. {
  105. switch (Auth::user()->role) {
  106. case 2:
  107. return Redirect::to('school-coordinator');
  108. break;
  109. case 3:
  110. return Redirect::to('program-coordinator');
  111. break;
  112. case 4:
  113. return Redirect::to('professor');
  114. break;
  115. }
  116. }
  117. });
  118. /*
  119. |--------------------------------------------------------------------------
  120. | School Coordinator Filter
  121. |--------------------------------------------------------------------------
  122. |
  123. | This filter redirects logged in users below school coordinators to their
  124. | default page if they try to access a forbidden page.
  125. |
  126. */
  127. Route::filter('scoord', function()
  128. {
  129. if (!(Auth::user()->role ==2 || Auth::user()->role ==1))
  130. {
  131. switch (Auth::user()->role)
  132. {
  133. case 3:
  134. return Redirect::to('program-coordinator');
  135. break;
  136. case 4:
  137. return Redirect::to('professor');
  138. break;
  139. }
  140. }
  141. });
  142. /*
  143. |--------------------------------------------------------------------------
  144. | Program Coordinator Filter
  145. |--------------------------------------------------------------------------
  146. |
  147. | This filter redirects logged in users below program coordinators to their
  148. | default page if they try to access a forbidden page.
  149. |
  150. */
  151. Route::filter('pcoord', function()
  152. {
  153. if (!(Auth::user()->role ==3 || Auth::user()->role ==2 || Auth::user()->role ==1))
  154. {
  155. return Redirect::to('professor');
  156. }
  157. });
  158. /*
  159. |--------------------------------------------------------------------------
  160. | Professor Filter
  161. |--------------------------------------------------------------------------
  162. |
  163. | This filter redirects logged in users except profesors to their
  164. | default page if they try to access a forbidden page.
  165. |
  166. */
  167. Route::filter('prof', function()
  168. {
  169. // If user has no courses then s/he is not a professor
  170. // and must be redirected to her/his overview page
  171. if (!count(Auth::user()->courses))
  172. {
  173. switch (Auth::user()->role) {
  174. case 1:
  175. return Redirect::to('administrator');
  176. break;
  177. case 2:
  178. return Redirect::to('school-coordinator');
  179. break;
  180. case 3:
  181. return Redirect::to('program-coordinator');
  182. break;
  183. }
  184. }
  185. });
  186. /*
  187. |--------------------------------------------------------------------------
  188. | CSRF Protection Filter
  189. |--------------------------------------------------------------------------
  190. |
  191. | The CSRF filter is responsible for protecting your application against
  192. | cross-site request forgery attacks. If this special token in a user
  193. | session does not match the one given in this request, we'll bail.
  194. |
  195. */
  196. Route::filter('csrf', function()
  197. {
  198. $token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
  199. if (Session::token() !== $token)
  200. {
  201. throw new Illuminate\Session\TokenMismatchException;
  202. }
  203. });