Protecting all admin/ routes with auth in Laravel
Question
I am brand new to laravel and am setting up admin panel authorization on my first application. The way I have my files setup currently setup is:
controllers/
admin/
dashboard.php
settings.php
non-admin-controller1.php
non-admin-controller1.php
views/
admin/
dashboard.blade.php
login.blade.php
template.blade.php
non-admin-view1.php
non-admin-view1.php
non-admin-view1.php
...and these are my routes
Route::get('admin/login', function()
{
return View::make('admin.login');
});
Route::get('admin/logout', function()
{
return Auth::logout();
return Redirect::to('admin/login');
});
Route::post('admin/login', function()
{
$userdata = array('username' => Input::get('username'),
'password' => Input::get('password'));
if (Auth::attempt($userdata))
{
return Redirect::to('admin');
}
else
{
return Redirect::to('admin/login')->with('login_errors',true);
}
});
Route::controller('admin.dashboard');
Route::get('admin', array('before' => 'auth', function() {
return Redirect::to_action('admin@dashboard');
}));
Route::filter('auth', function()
{
if (Auth::guest()) return Redirect::to('admin/login');
});
When I go to /admin I am redirected to admin/login and asked to login which is exactly how I need it to work. Upon logging in I am redirected to admin/dashboard and it all looks good there too. I am having 2 problems however.
When I go to admin/logout I am logged out but greeted with a blank page (it's not redirecting to admin/login)
When logged out, if I go to admin/dashboard I am greeted with the error
Error rendering view: [admin.dashboard]
Trying to get property of non-object
What am I doing wrong here? What am I doing right? Would it make more sense to create a separate bundle for admin? Thanks!
3 answers
solution1
10 ACCPTED 2013-04-07 04:57:52
So I was able to solve my problem a slightly different way. I created an (base) Admin_Controller in the root of the controllers folder, with a constructor calling the auth filter before execution:
class Admin_Controller extends Base_Controller {
public function __construct()
{
$this->filter('before', 'auth');
}
}
and then made all my admin related controllers in /controllers/admin extend Admin_Controller and call the parent constructor:
class Admin_Dashboard_Controller extends Admin_Controller {
public function __construct()
{
parent::__construct();
}
public function action_index()
{
return View::make('admin.dashboard');
}
}
This might not be the most eloquent solution, but it does the job!
solution2
9 2013-04-05 06:34:51
In your admin/login route you have an unnecessary return before the Auth::logout() call, nuke that and it should fix it up.
Another issue here is that only your one 'admin' route is getting filtered. You could wrap all of your admin routes with a Route::group() and apply the 'auth' before filter or you could use Route::filter('pattern: admin/*', 'auth') too.
Check out:
http://laravel.com/docs/routing#filters
For the second issue, is your Admin Dashboard controller class named Admin_Dashboard_Controller and if so, do you have an action_index() or get_index() function in there returning a view?
Check out:
http://laravel.com/docs/controllers#nested-controllers
(I'm assuming you're using L3 here btw.)
solution3
6 2015-12-31 22:48:19
For future readers, a very clean way to handle this is using Laravel's Route Groups :
Route groups allow you to share route attributes, such as middleware or namespaces, across a large number of routes without needing to define those attributes on each individual route.
Route::group(['middleware' => 'auth'], function () {
Route::get('/', function () {
// Uses Auth Middleware
});
Route::get('user/profile', function () {
// Uses Auth Middleware
});
});
They can be used not only for authentication, but also Namespaces , Sub-Domains , and more.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.