<?php

namespace App\Http\Middleware;

use App\KommaApp\Users\Roles;
use Closure;
use Illuminate\Contracts\Auth\Guard;

/**
 * Class PreventUsersReachingBackend
 *
 * Prevents certain users from reaching the kms.
 * If they try they will be redirected to /
 *
 * @package App\Http\Middleware
 */
class PreventUsersReachingBackend
{
    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    /**
     * Create a new filter instance.
     *
     * @param  Guard  $auth
     * @return void
     */
    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($this->auth->check()) {
            $pathParts = explode('/', $request->path()); //Path example: "beheer/users"

            $isKmsRoute = reset($pathParts) == 'beheer';
            if($isKmsRoute && !$this->auth->user()->isAtLeast(Roles::BoardMember)) {
                //A user with not the correct role will be stopped right here with a 403 unauthorized page
                return redirect('/');
            }
        }

        return $next($request);
    }
}