I found the method getActionName()
in the Route
class of Laravel which returns the action to be executed (in the form of UserController@create
, just like a controller route). So I put it to use in a filter where it is checked against the Sentry user permissions. If the user does not have access to, it will render an error view.
routes.php (added the perm
filter to the grouped rotes):
Route::group(array('before'=>'auth|perm'), function() {
filters.php:
Route::filter('perm', function($route, $request) {
$user = Sentry::getUser();
if ($user)
{
if ($user->hasAccess($route->getActionName()) == false)
{
return Response::view('errors.forbidden', array(), 403);
}
}
});