Skip to content

feat(LaratrustMiddleware@unauthorized): Add JSON response handling for unauthorized access #691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat(LaratrustMiddleware@unauthorized): Add JSON response handling for unauthorized access #691

wants to merge 4 commits into from

Conversation

@Nicodav28
Copy link

What’s New?

  • Added JSON response handling to unauthorized() method in LaratrustMiddleware.
  • If laratrust.middleware.handling is set to json, the middleware will return a structured JSON response instead of redirecting or aborting.

Why This Change?

  • Improves API support by providing standardized JSON responses.
  • Enhances maintainability and scalability by allowing response customization via config/laratrust.php.

Changes Made

  • Updated unauthorized() to support JSON response.
  • Introduced a new json handling option in config/laratrust.php, with:
    • Customizable HTTP status code (code).
    • Optional timestamp inclusion (include_timestamp).
    • Flexible response structure (structure).
  • Maintained full compatibility with existing abort and redirect handlers.

How to Test?

  1. Update config/laratrust.php: 
     'middleware' => [
     /**
      * Define if the laratrust middleware are registered automatically in the service provider.
      */
     'register' => true,

     /**
      * Method to be called in the middleware return case.
      * Available: abort|redirect.
      */
     'handling' => 'json',

     /**
      * Handlers for the unauthorized method in the middlewares.
      * The name of the handler must be the same as the handling.
      */
     'handlers' => [
         /**
          * Aborts the execution with a 403 code and allows you to provide the response text.
          */
         'abort' => [
             'code' => 403,
             'message' => 'User does not have any of the necessary access rights.',
         ],

         /**
          * Redirects the user to the given url.
          * If you want to flash a key to the session,
          * you can do it by setting the key and the content of the message
          * If the message content is empty it won't be added to the redirection.
          */
         'redirect' => [
             'url' => '/home',
             'message' => [
                 'key' => 'error',
                 'content' => '',
             ],
         ],


         /**
          * Defines a custom JSON response format for unauthorized access.
          * This can be used when a JSON response is preferred over a redirect or abort.
          *
          * - 'code': The HTTP status code to return (default: 403).
          * - 'include_timestamp': Whether to include a timestamp in the response (true/false).
          * - 'structure': Defines the JSON response format.
          */
         'json'     => [
             'code'              => 403,
             'include_timestamp' => false,
             'structure'         => [
                 'status'  => 'error',
                 'message' => 'User does not have the necessary access rights to perform this action.',
             ],
         ],
     ],
 ],
  2. Run php artisan config:clear to apply the changes.
  3. Trigger an unauthorized request (e.g., accessing a protected route without permissions).
  4. You should receive a JSON response like: 
    {
    "status": "error",
    "message": "User does not have the necessary access rights to perform this action.",
    "timestamp": "2024-07-01T12:34:56.789Z"
}

Let me know if you need any adjustments

@Nicodav28
✨ (laratrust.php, LaratrustMiddleware.php): Add custom JSON response …
39944e1 
…format for unauthorized access

🔧 (laratrust.php): Update configuration to include new 'json' key with custom response structure
The changes were made to provide a more detailed and structured response when unauthorized access is attempted. This is particularly useful when dealing with API endpoints where a JSON response is more appropriate than a redirect or abort. The configuration file was updated to include a new 'json' key that defines the structure of the response, including a custom message and the option to include a timestamp. The middleware was updated to handle this new configuration and return the custom JSON response when necessary.
@Nicodav28 Nicodav28 changed the title feat(LaratrustMiddleware.php@unauthorized): Add JSON response handling for unauthorized access feat(LaratrustMiddleware@unauthorized): Add JSON response handling for unauthorized access Mar 4, 2025
Nicodav28 added 3 commits March 4, 2025 14:03
@Nicodav28
♻️ (laratrust.php, LaratrustMiddleware.php): Refactor code to improve…
fccadf2 
… readability and consistency

The changes were made to improve the readability of the code and to ensure consistency across the codebase. The alignment of the array elements in 'laratrust.php' was adjusted to make the code cleaner and easier to read. In 'LaratrustMiddleware.php', the strict equality operator was replaced with a loose equality operator to allow for type coercion, which can prevent potential bugs in the future.
@Nicodav28
style(laratrust.php,-LaratrustMiddleware.php): remove unnecessary whi…
822d657 
…tespace and standardize string quotes

The unnecessary whitespace in laratrust.php was removed to keep the code clean and maintainable. In LaratrustMiddleware.php, the double quotes around "json" were replaced with single quotes to standardize the use of string quotes across the codebase. This enhances readability and consistency in the code.
@Nicodav28
style(laratrust.php-LaratrustMiddleware.php): remove unnecessary whit…
3ddde0d 
…espace and also adds a whitespace after the inequality operator in the condition where include timestamp option is being validated

These changes are made to ensure that the code style is followed to the fullest extent
@Nicodav28
Copy link
Author

@santigarcor Would you like to give a brief review to this PR, I can make any adjustment you consider pertinent to approve this PR, please and thank you!

santigarcor
santigarcor requested changes Jun 2, 2025
View reviewed changes
Copy link
Owner

@santigarcor santigarcor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if instead of returning a json the configuration allows for a custom response handler? Like an invokable class that returns a response? In that way you can do whatever you want.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@santigarcor santigarcor santigarcor requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Nicodav28 @santigarcor