<?php
namespace AppHttpMiddleware;
use Closure;
class ApiGuardMiddleware
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($request->user()->cannot('api', ['AppModelsUser'])) {
return response()->json([
'message' => __('You don't have access to this feature.'),
'status' => 403
], 403);
}
return $next($request);
}
}