sam-api/app/Http/Middleware/CheckPermission.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use App\Services\AdminPermissionService;

class CheckPermission
{
    public function handle(Request $request, Closure $next, string $permissionCode)
    {
        $userToken = $request->input('user_token');
        if (!$userToken) {
            $userToken = $request->header('X-API-KEY');
            if (!$userToken) {
                return response()->json(['error' => '토큰이 없습니다.'], 401);
            }
        }

        if (!AdminPermissionService::hasPermission($userToken, $permissionCode)) {
            return response()->json(['error' => '권한이 없습니다.'], 403);
        }

        return $next($request);
    }
}
First Commit (API Project) 2025-07-17 10:05:47 +09:00			`<?php`

			`namespace App\Http\Middleware;`

			`use Closure;`
			`use Illuminate\Http\Request;`
			`use App\Services\AdminPermissionService;`

			`class CheckPermission`
			`{`
			`public function handle(Request $request, Closure $next, string $permissionCode)`
			`{`
			`$userToken = $request->input('user_token');`
			`if (!$userToken) {`
			`$userToken = $request->header('X-API-KEY');`
			`if (!$userToken) {`
			`return response()->json(['error' => '토큰이 없습니다.'], 401);`
			`}`
			`}`

			`if (!AdminPermissionService::hasPermission($userToken, $permissionCode)) {`
			`return response()->json(['error' => '권한이 없습니다.'], 403);`
			`}`

			`return $next($request);`
			`}`
			`}`