protecting admin and user routes laravel 5

Question

I have a common login for both admin and user. But I have created a roles in my table which looks like:

user_id      role_id
1              2
2              1
3              2

where role_id 1 refers to the admin and role_id 2 refers to the user. I can attach roles to the different user as well. Now what I want is, I want to protect all admin routes and user routes.

For example, I don't want user to get any access that is meant for admin. For now, I can check whether the user is admin or user like if (Auth::user()->hasRole('admin')) or if (Auth::user()->hasRole('user')) .

How should I separate my user routes from admin routes in this case? Should I make my own middleware and implement? If so, how to implement it correctly?

Answer 1

Create two middleware, for admin you can do:

<?php namespace App\Http\Middleware;

use Auth;
use Illuminate\Contracts\Routing\Middleware;

class CheckAdmin implements Middleware {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        if (Auth::user()->hasRole('admin'))
        {
            return $next($request);

        }

        throw new \Exception("Unauthorized");
    }

}

Then enable this middleware in App\\Http\\Kernel

protected $routeMiddleware = [
    'auth' = 'App\Http\Middleware\Authenticate',
    'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',

    'checkAdmin' => 'App\Http\Middleware\CheckAdmin',
];

You can use your CheckAdmin middlware in the routes.php file or in the constructor of your Controller

In routes.php you can do:

Route::group(['middleware' => 'checkAdmin'], function () {

    Route::get('admin/profile', function () {
        // Uses CheckAdmin Middleware
    });
});