dyzulk/trustlab-api
1
0
Fork 0
mirror of https://github.com/dyzulk/trustlab-api.git synced 2026-01-26 13:22:05 +07:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow owner role to access all admin api endpoints and see stats

Browse Source
This commit is contained in:
dyzulk
2025-12-30 20:29:35 +07:00
parent a14d788400
commit 1eabedcb5b
6 changed files with 34 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/Http/Middleware/AdminMiddleware.php
View File

@@ -16,7 +16,10 @@ class AdminMiddleware
public function handle(Request $request, Closure $next): Response
{
if (!$request->user() || !$request->user()->isAdminOrOwner()) {
return response()->json(['message' => 'Unauthorized. Admin access required.'], 403);
$role = $request->user() ? $request->user()->role : 'guest';
return response()->json([
'message' => "Unauthorized. Admin access required. (Current role: {$role})"
], 403);
}
return $next($request);