stackoom
  简体   繁体   中英

Laravel 5.3 protecting routes from user have different roles

 原文  2017-01-01 05:38:08       php/ laravel/ routes/ laravel-5.3

Question

problem

I'm looking for a way to protect users from access routes which do not belong to them, example admin cannot access user area and simple user cannot access admin area

Hi, i've a laravel 5.3 app and it has two types of users

  1. Admin
  2. Simple User

i'm trying to prevent admin from accessing simple user routes and vice-versa, I search a lot and found one solution of creating a middleware

what i've done 

<?php

namespace App\Http\Middleware;

use Auth;

use Closure;

class UserRole
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ( Auth::check()) // user logged
        {
            $request_url = $request->getRequestUri();
            if( Auth::user()->user_type == 1 ) // simple user
            {
                // checking if simple user is visiting routes              // starts with /user in the url 
                if (strpos($request_url, "/user") === 0)
                {
                    return $next($request);
                }
                else
                {
                    return redirect('/');
                }
            }
            // checking if admin is visiting routes                    // starts with /admin in the url
            else if( Auth::user()->user_type == 2 ) // admin
            {
                if (strpos($request_url, "/admin") === 0)
                {
                    return $next($request);
                }
                else
                {
                    return redirect('/');
                }
            }
            else
            {
                return redirect('/');
            }
        }
        return redirect('/');
    }
}

unfortunately both are able to access each others restricted areas. I'm unable to find a better way to protect user from accessing routes which they don't have access too.

1 answers

solution1
 0  2017-01-01 06:32:50

If you want to accomplish that using middleware you need to do following -

  1. Create two middlewares, one for admin and one for simple user.

  2. Then create two route group in your routes file ie routes/web.php

  3. Protect one route group with admin middleware, and put all of your admin related routes in that group. Protect another route group with simple-user middleware and put all of your admin related routes in that group. 

Route::group(['middleware' => ['auth', 'admin']], function() {
    // put all your admin routes here
});

Route::group(['middleware' => ['auth', 'simple-user']], function() {
    // put all your simple user routes here
});

You can also accomplish that using role and permission. Here is a package that can satisfy your needs.

https://packagist.org/packages/zizaco/entrust

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Protecting Routes in Laravel 5.3 protecting admin and user routes laravel 5 Laravel Protecting Routes from other System Request Laravel protecting routes not working Protecting routes in laravel with filters Laravel 6 authentication protecting routes Laravel 5.3 class/routes Laravel 5.3 HTTPS Routes Laravel 4: protecting routes provided by a controller Laravel 7 - Redirecting different user roles to different view
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM