Laravel Oauth2 Scopes and Routes

Question

I'm working on a Laravel API with Oauth2 ( lucadegasperi/oauth2-server-laravel ) that uses different scopes, lets say admin and user. The API serves an emberjs application on the frontend. Obviously the user will have access to less resources than the admin. My problem is that, ember will make requests to certain routes that should have the same name but that will use different controllers.

I would like to setup my api so that I could use a route of the same name, using different controllers in both scopes so I can separate things a bit. Because I would like to leave the ember app structure mostly as it is.

The problem is when I make a request as admin it throws a 403 saying that only user scope can use that route.

That wasn't what I thought would happen. I thought the filter would first check the scope and enter the route even if the same route exists in another scope. But from the looks of it, you have to either use different route names which would be bad for my Ember App or you filter what is sent to each role from each controller and methods and use the route filter "oauthOr" so both roles can access the controller.

In case there's no way to do what I'm trying (see code), is there a way to prevent the controller from executing certain methods based on user role/scope? Appart from manually "ifing and elseing" all over the place?

Below is an example that illustrates what I'm trying to accomplish.

    Route::group(array( 'prefix' => 'api/1', 'before' => 'oauth:admin' ), function(){

    Route::resource('cars', 'ApiAdminCarsController');
    Route::resource('bikes', 'ApiAdminBikesController');

});

Route::group(array( 'prefix' => 'api/1', 'before' => 'oauth:user' ), function(){

    Route::resource('cars', 'ApiUserCarsController');
    Route::resource('bikes', 'ApiUserBikesController');

});

Answer 1

在Route :: resource调用中，您可以执行诸如“ only”，“ except”之类的某些操作，以限制可以通过哪个路由执行哪些方法。