LP-3 feat: user login permission or guard added

fintechbd · Oct 1, 2023 · d37e4a9 · d37e4a9
1 parent 9b23b81
commit d37e4a9
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/lang/en/messages.php b/lang/en/messages.php
@@ -11,16 +11,14 @@
 */
 return [
     'success' => 'Login successful.',
+    'forbidden' => 'Access Forbidden! You are not allowed to :permission',
     'logout' => 'Logout successful. Thank you for using our services',
     'failed' => 'These credentials do not match our records.',
     'password' => 'The provided password is incorrect.',
     'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',
     'ip_blocked' => 'Your IP :ip is blocked, Please contact support.',
-    'This user are not login. Please contact support.' => 'This user are not login. Please contact support.',
-    'Sorry, You entered wrong mobile number or invalid password!' => 'Sorry, You entered wrong mobile number or invalid password!',
     'warning' => 'Sorry, You entered wrong credentials! You already attempt :attempt. times out of :threshold',
     'lockup' => 'Sorry, Your Account is has been Locked. Please contact support!',
-    'This user are not login' => 'This user are not login',
     'Sorry, You entered wrong mobile number or invalid pin!' => 'Sorry, You entered wrong mobile number or invalid pin!',
     'Sorry, You entered wrong mobile number or pin! You already attempt :wrong_pin_password. times out of :password_retry_limit' => 'Sorry, You entered wrong mobile number or pin! You already attempt :wrong_pin_password. times out of :password_retry_limit',
 ];
diff --git a/src/Http/Controllers/AuthenticatedSessionController.php b/src/Http/Controllers/AuthenticatedSessionController.php
@@ -62,14 +62,16 @@ public function store(LoginRequest $request): LoginResource|JsonResponse
 
         $request->clearRateLimited();
 
-        if ($attemptUser->hasPermission())
+        if ($attemptUser->can('auth.login')) {
+            $request->session()->invalidate();
+
+            return $this->forbidden(__('auth::messages.forbidden', ['permission' => permission_format('auth.login', 'auth')]));
+        }
 
         Auth::login($attemptUser);
 
         Auth::user()->tokens->each(fn($token) => $token->delete());
 
-        //permission check
-
         return new LoginResource(Auth::user());
     }