I am using middleware in Laravel. I have two middlewares: one is admin and the second one is commissioner.
Now, some routes are accessible to both middlewares and some are not. What I want is for the personal routes of the admin middleware not to be accessible in the commissioner middleware. Here is what I have tried:
    //Admin Middleware Route
    Route::group(["middleware" => ['admin']], function () {
        Route::match(['get', 'post'], '/admin/users', 'AdminController@users');
    });
    //Commissioner Middleware Route
    Route::group(["middleware" => ['commissioner']], function () {
        //we can put later on these routes
    });
    // common middleware routes between commissioner and admin
    Route::group(["middleware" => ['admin','commissioner']], function () {
        Route::match(['get', 'post'], '/admin/dashboard', 'AdminController@dashboard');
        Route::match(['get', 'post'], '/admin/profile', 'AdminController@profile');
    });
Now when I access the AdminController@users route while logged in as commissioner, it is accessible, but I want that route not to be accessible when a commissioner logs in. AdminController@dashboard and AdminController@profile, however, should be accessible in both middlewares.
When admin logs in, the type is: master
When commissioner logs in, the type is: commissioner
    // Commissioner Middleware
    class Commissioner
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            if(empty(Session::has('adminSession'))){
                return redirect()->action('AdminController@login')->with('flash_message_error', 'Please Login');
            }
            return $next($request);
        }
    }
    // admin Middleware
    class Admin
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            if(empty(Session::has('adminSession'))){
                return redirect()->action('AdminController@login')->with('flash_message_error', 'Please Login');
            }
            return $next($request);
        }
    }
Please help me, I am using Laravel 5.2. Thanks in advance :)
Answer 0 (score: 3)
If I understand your problem correctly, you have one admin table which contains two different types of admins: master and commissioner. Both types of admins are logged in by invoking the AdminController@login method. You want to use middleware to check the type of the admin to protect your routes.
Below are my suggestions:
Middlewares:
    class AdminAuth
    {
        // Authentication only: is anyone logged in as an admin at all?
        public function handle($request, Closure $next)
        {
            if(!Session::has('adminSession')){
                return redirect()->action('AdminController@login')->with('flash_message_error', 'Please Login');
            }
            return $next($request);
        }
    }
    class Master
    {
        public function handle($request, Closure $next)
        {
            $admin = ... // Your code to retrieve the authenticated admin instance.
            if($admin->type !== 'master') { // I assume you have a type field.
                // return error here to indicate user is not a master
                abort(403); // without a return/abort here the request would fall through to $next
            }
            return $next($request);
        }
    }
    class Commissioner
    {
        public function handle($request, Closure $next)
        {
            $admin = ... // Your code to retrieve the authenticated admin instance.
            if($admin->type !== 'commissioner') { // I assume you have a type field.
                // return error here to indicate user is not a commissioner
                abort(403); // without a return/abort here the request would fall through to $next
            }
            return $next($request);
        }
    }
Routes:
    //Admin Middleware Route can only be accessed by master admin
    Route::group(["middleware" => ['admin', 'master']], function () {
        Route::match(['get', 'post'], '/admin/users', 'AdminController@users');
    });
    //Commissioner Middleware Route
    Route::group(["middleware" => ['admin', 'commissioner']], function () {
        //we can put later on these routes
    });
    // common middleware routes between commissioner and admin
    Route::group(["middleware" => ['admin']], function () {
        Route::match(['get', 'post'], '/admin/dashboard', 'AdminController@dashboard');
        Route::match(['get', 'post'], '/admin/profile', 'AdminController@profile');
    });
BTW, the middlewares have an "AND" relationship. Say you have the declaration below in your routes:
    "middleware" => ['admin', 'commissioner']
This means the route can be accessed only when you have passed both the 'admin' and the 'commissioner' checks.
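The difference between the question's route groups and the ones suggested in the answer above, as a plain-PHP model of the middleware stack (an added example, not part of the original post and not Laravel code). The session contents and the `type` session key are constructed assumptions.

```php
<?php
// Each middleware is modelled as a check that returns true to pass the
// request on and false to block it; a route runs only if every check passes.

// Constructed sessions; keeping the admin type under 'type' is an assumption.
$sessions = [
    'master'       => ['adminSession' => 'a@example.test', 'type' => 'master'],
    'commissioner' => ['adminSession' => 'c@example.test', 'type' => 'commissioner'],
    'guest'        => [],
];

$loggedIn = function (array $s) { return isset($s['adminSession']); };
$hasType  = function ($type) {
    return function (array $s) use ($type) {
        return isset($s['type']) && $s['type'] === $type;
    };
};

$setups = [
    // Question: 'admin' and 'commissioner' both only test for a session.
    'original' => [
        '/admin/users'     => [$loggedIn],
        '/admin/dashboard' => [$loggedIn, $loggedIn],
    ],
    // Answer: 'admin' authenticates, 'master' authorizes by type.
    'fixed' => [
        '/admin/users'     => [$loggedIn, $hasType('master')],
        '/admin/dashboard' => [$loggedIn],
    ],
];

// AND semantics: the first failing middleware stops the request.
function allowed(array $stack, array $session)
{
    foreach ($stack as $middleware) {
        if (!$middleware($session)) {
            return false;
        }
    }
    return true;
}

foreach ($setups as $label => $routes) {
    foreach ($routes as $uri => $stack) {
        foreach ($sessions as $who => $session) {
            $verdict = allowed($stack, $session) ? 'allow' : 'deny';
            printf("%-9s %-17s %-13s %s\n", $label, $uri, $who, $verdict);
        }
    }
}
```

In the printed matrix the only row that differs between the two setups is the commissioner on `/admin/users`, which makes the same table usable as a regression check whenever a route moves between groups.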