Added unauthorized action respons handler

Added warning log for unauthorized action
9 years ago · 565382ed82
2 changed files with 16 additions and 0 deletions
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@ -3,8 +3,10 @@
 namespace App\Exceptions;

 use Exception;
+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Log;

 class Handler extends ExceptionHandler
 {
@ -44,6 +46,18 @@ class Handler extends ExceptionHandler
     */
    public function render($request, Exception $exception)
    {
+        /**modified part**/
+        if ($request->wantsJson()) {
+            return response([
+                'success' => false,
+                'message' => $e->getMessage()
+            ], 403);
+        }
+
+        if ($exception instanceof AuthorizationException) {
+            \Log::warning("Unauthorized Access or Action \nURL: " . $request->fullUrl() . " \nIP: " . $request->ip() . "\nForm: " . json_encode($request->all()) . "\n");
+            return response($exception->getMessage(), 403);
+        }
        return parent::render($request, $exception);
    }

--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@ -107,6 +107,8 @@ class UsersController extends Controller
     */
    public function edit(User $user)
    {
+        $this->authorize('edit', $user);
+
        return view('users.edit', compact('user'));
    }