hooking beforeFilter auth -laravel 4

Question

I have the following table

id  email            password  role
1   someemail        password  admin
2   someemail        password  guest

Guest is the one who can access few privileged section of front end (eg: commenting blog post etc)

Guest is normally registered via facebook using oauth. I have blocked guest from admin login like below

if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password'),'role'=>'admin'))) {  

But problem is that , when ever user login from facebook , the session is shared and can access admin as well.

facebook login code is as below

 //$result hold facebook information
    $user->firstname = $result['first_name'];
                $user->lastname = $result['last_name'];
                $user->email = $result['email'];
                $user->password ='sample';
                $user->role='facebook';
                //check user with same email is already there
                $usr = User::where('email', '=', $result['email'])->count();
                if($usr==0)
                    $user->save();
                //automatically login the registered user
                $user = User::where('email', '=', $user->email)->where('role', '=', 'facebook')->first();
                Auth::login($user);

Now in each controller i have called following function on constructor

public function __construct()   {
        $this->beforeFilter('auth');
    }

This is not sufficient to stop the session sharing from guest user.. any help will be appreciated

Answer 1

Create a new filter in app/filters.php that checks if the user is an admin.

Route::filter('auth.admin', function()
{
    if (Auth::guest())
        return Redirect::guest('/');

    if (Auth::user()->role != 'admin')
        return Redirect::to('/');
});

Now in your admin controllers call the new filter

public function __construct()
{
    $this->beforeFilter('auth.admin');
}