Adds AdminFilter for protecting certain routes. Closes #411

app/routes/dashboard.php

@@ -89,13 +89,16 @@ Route::group(['before' => 'auth', 'prefix' => 'dashboard', 'namespace' => 'Cache
             'as'   => 'dashboard.team',
             'uses' => 'DashTeamController@showTeamView',
         ]);
-        Route::get('add', [
-            'as'   => 'dashboard.team.add',
-            'uses' => 'DashTeamController@showAddTeamMemberView'
-        ]);
-        Route::get('{user}', 'DashTeamController@showTeamMemberView');
-        Route::post('add', 'DashTeamController@postAddUser');
-        Route::post('{user}', 'DashTeamController@postUpdateUser');
+
+        Route::group(['before' => 'admin'], function () {
+            Route::get('add', [
+                'as'   => 'dashboard.team.add',
+                'uses' => 'DashTeamController@showAddTeamMemberView'
+            ]);
+            Route::get('{user}', 'DashTeamController@showTeamMemberView');
+            Route::post('add', 'DashTeamController@postAddUser');
+            Route::post('{user}', 'DashTeamController@postUpdateUser');
+        });
     });
 
     // Settings

app/views/dashboard/team/index.blade.php

@@ -8,9 +8,11 @@
         <span class="uppercase">
             <i class="icon icon ion-android-alert"></i> {{ trans('dashboard.team.team') }}
         </span>
+        @if(Auth::user()->isAdmin)
         <a class="btn btn-sm btn-success pull-right" href="{{ route('dashboard.team.add') }}">
             {{ trans('dashboard.team.add.title') }}
         </a>
+        @endif
         <div class="clearfix"></div>
     </div>
     <div class="content-wrapper header-fixed">

src/Http/Before/AdminFilter.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace CachetHQ\Cachet\Http\Before;
+
+use Illuminate\Http\Request;
+use Illuminate\Routing\Route;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Response;
+
+class AdminFilter
+{
+    /**
+     * Run the auth filter.
+     *
+     * We're verifying that the current user is logged in to Cachet and is an admin level.
+     *
+     * @param \Illuminate\Routing\Route $route
+     * @param \Illuminate\Http\Request  $request
+     *
+     * @return \Illuminate\Http\Response|null
+     */
+    public function filter(Route $route, Request $request)
+    {
+        if (!Auth::check() || (Auth::check() && !Auth::user()->isAdmin)) {
+            return Response::make('Unauthorized', 401);
+        }
+    }
+}

src/Providers/RoutingServiceProvider.php

@@ -36,6 +36,7 @@ class RoutingServiceProvider extends ServiceProvider
     protected function registerFilters()
     {
         // Laravel's before filters
+        $this->app->router->filter('admin', 'CachetHQ\Cachet\Http\Before\AdminFilter');
         $this->app->router->filter('auth', 'CachetHQ\Cachet\Http\Before\AuthFilter');
         $this->app->router->filter('guest', 'CachetHQ\Cachet\Http\Before\GuestFilter');
         $this->app->router->filter('csrf', 'CachetHQ\Cachet\Http\Before\CsrfFilter');