I have added this method to my User model:
public function isSuperUser()
{
return $this->is_superuser;
}
is_superuser is a column of my users table which is set to Boolean type.
And then I created this middleware to check if the authenticated user is admin (super user) or not:
public function handle($request, Closure $next)
{
if($request->user()->isSuperUser()) {
return $next($request);
}
return redirect('/');
}
And I have applied this middleware to all the admin routes in RouteServiceProvider.php:
Route::middleware('auth.admin')
->namespace($this->namespace)
->prefix('admin')
->group(base_path('routes/web/admin.php'));
But now when I load one of the admin routes I get this error:
Call to a member function isSuperUser() on null
However I am already logged in to my account.
So what's going wrong here? How can I solve this issue?
You need to assume that user is not logged so you should use:
if($request->user()?->isSuperUser()) {
return $next($request);
}
or
if(optional($request->user())->isSuperUser()) {
return $next($request);
}
if you are using older PHP versions
Use this instead.
// ...
if(auth()->user()?->is_superuser)
// ...
Related
Actually I wanted that my application will go to admin_panel.blade.php only if the user login. I don't want to go there directly. So I implemented middleware and session but it's not working because if I directly goes to 'admin_panel' then it does not restrict me. Without or with using login information it grants me to go to admin_panel.
Kindly solve my issue.
Web.php
Route::get('/admin_log', function () {
return view('Admin.admin_login');
});
Route::group(['middleware'=>'session_auth'],function(){
Route::get('/admin_panel','LoginController#admin_panel');
LoginController
public function admin_panel(){
return view('Admin.admin_panel');
}
public function admin_login(Request $req){
$login=AdminLogin::first();
if ($login->Admin_Name==$req->admin_name && $login->Admin_Password==$req->admin_password ){
$req->session()->put('session_name',$req->admin_name);
return redirect('admin_panel');
}
else{
return redirect('admin_log')->with('error','Invalid UserName or Password!');
}
}
Middleware
public function handle($request, Closure $next)
{
if(is_null($request->session()->get('session_name'))){
return redirect('/admin_log');
}
return $next($request);
}
I've been stuck here for a while. I hope I can clearly explain the issue. I'm trying to have separate pages for admin and user. For that, I have created an admin middleware. Now when I login, it redirects me to the same page either its admin or user. I want it to go to admin dashboard when admin logs in and to the user home when user logs in. I hope the issue is clear.
Here is the AdminMiddleware code:
public function handle($request, Closure $next)
{
if(Auth::user()->user_type == 'admin') //If usertype is admin
{
return $next($request);
}
else {
return redirect('home');
}
}
Here are the routes code:
Route::get('/','HomeController#index');
//For Admin
Route::group(['middleware' => ['auth','admin']], function() {
Route::get('/admin','HomeController#home_page');
Route::get('/users-list', 'UserController#users_list');
});
Here is the HomeController code:
public function index()
{
return view('home', compact('currantWorkspace'));
}
I've added the Middleware path to kernel.php file.
I'll be happy to provide any other details if needed. Any solutions/suggestions will be highly appreciated.
Edit
I've tried this, but still issue.
protected function redirectTo(){
if (Auth::user()->user_type != 'admin') {
return 'admin';
//return redirect('/admin');
}
else {
return 'home';
//return redirect('/');
}
}
I think the redirectTo function is not working, or not checking the if/else conditions
Why don't you create an 'if, else' statement in your login function like:
if(Auth::user()->user_type == "Admin"){
return Redirect::route('dashboard');
}else if(Auth::user()->user_type == "Standard User"){
return Redirect::route('home');
}
Change the route as follows.
Route::get('/','HomeController#index')->name('home');
Route::group(['middleware' => ['auth','admin']], function()
{
Route::get('/admin','HomeController#home_page')->name('admin.home');
Route::get('/users-list', 'UserController#users_list');
});
Change the redirect statement in middleware as
public function handle($request, Closure $next)
{
if(Auth::user()->user_type == 'admin') //If usertype is admin
{
return $next($request);
}
else
{
return redirect()->route('home');
OR
return redirect('/');
}
}
There are a few problems, currently, the key thing is that the middleware you defined is not being called when anyone tries to log in.
To make it work I think you just need to add this to your LoginController.php
protected function authenticated()
{
if (Auth::user()->user_type == 'admin') {
return redirect('dashboard');
}
return redirect('home');
}
This method basically tells laravel what you want to do after the user is logged in.
I'm developing a Laravel ACL System. My base Table's are users,roles,permissions and pivot tables are role_user,role_permission,user_permission.
I want to check User Permissions using my custom middleware HasPermission. I have tried this way but it's not working properly. every user can access the all the permissions which have or have not.
Now, How can I solve the issue. Please see my code sample.
My Controller.
function __construct()
{
$this->middleware('auth');
$this->middleware('HasPermission:Role_Read|Role_Update|Role_Delete');
}
My Middleware.
class HasPermission
{
public function handle($request, Closure $next,$permissions)
{
$permissions_array = explode('|', $permissions);
// $user = $this->auth->user();
foreach($permissions_array as $permission){
if(!$request->user()->hasPermission($permission)){
return $next($request);
}
}
return redirect()->back();
}
}
and, my User Model method.
public function user_permissions()
{
return $this->belongsToMany(Permission::class,'user_permission');
}
public function hasPermission(string $permission)
{
if($this->user_permissions()->where('name', $permission)->first())
{
return true;
}
else
{
return false;
}
}
Best way to do is that you need to introduce an new service provider and in that you can check the authorization and permissions.
I made a test project (last year) for db driven permission and I used service provider.
That's the perfect way to implement.
Basically !$request->user()->hasPermission($permission) is saying if the user associated with the request does not have this permission the middleware passes, however this is not what you want. Here's what you should do:
If you need the user to have one of the stated permissions you need to do:
class HasPermission
{
public function handle($request, Closure $next,$permissions)
{
$permissions_array = explode('|', $permissions);
foreach($permissions_array as $permission){
if ($request->user()->hasPermission($permission)){
return $next($request);
}
}
return redirect()->back();
}
}
If you want the user to have all stated permissions you need to do:
class HasPermission
{
public function handle($request, Closure $next,$permissions)
{
$permissions_array = explode('|', $permissions);
foreach($permissions_array as $permission){
if (!$request->user()->hasPermission($permission)){
return redirect()->back();
}
}
return $next($request);
}
}
As an added note if you want to do this in a more elegant way you can do:
class HasPermission
{
public function handle($request, Closure $next, ...$permissions_array)
{
//Function body from above without the explode part
}
}
And
function __construct()
{
$this->middleware('auth');
$this->middleware('HasPermission:Role_Read,Role_Update,Role_Delete');
}
If you use commas then the framework will split the string into arguments for you .
In my case i just added simple function to get permissions from database and then check it Middleware. Check this code:
// Add new function to get permissions from database
public static function user_permissions($user) {
$permissions=DB::table('permissions')->where('user_id', $user)->first();
return $permissions;
}
// In Middleware check your permissions
if(Auth::guest())
{
return redirect('/');
}
elseif(Functions::user_permissions(Auth::user()->id)->user_managment != 1) {
return redirect('/');
} else {
return $next($request);
}
In web.php/api.php:
Route::middleware('hasPermission')->group(function() { // for all routes
Route::get('/article', [ArticleController::class, 'index'])->name('article.index');
});
in middleWare:
class HasPermission
{
public function handle($request, Closure $next)
{
$routeName = Request::route()->getName();
$permission = $user->permissions()->where('route_name', $routeName)->first();
if ( ! empty($permission)){
return redirect()->back();
}
return $next($request);
}
}
I have trouble redirecting after user authentication. I would like to redirect admin to admin panel, and user to home so I made admin middleware:
public function handle($request, Closure $next)
{
if (Auth::user() && Auth::user()->isAdmin()) {
return $next($request);
}
return redirect('/');
}
Routes for admin panel are:
Route::prefix('admin')->middleware(['web', 'admin', 'auth'])->group(function () {
Route::get('/', 'HomeController#index');
Route::resource('user', 'Admin\UserController');
});
I have User and Role models in a M-2-M relationship.
User model:
public function role(){
return $this->belongsToMany('App\Role');
}
public function isAdmin()
{
return ($this->role->first()->name == 'Admin') ? true : false;
}
Auth LoginController:
protected $redirectTo = '/admin';
Auth RedirectIfAuthenticated:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/');
}
return $next($request);
}
Issue I'm having is that I always end up on home page. When watching through the inspector I noticed something strange, don't know if it is a standard procedure or not:
Login seems to be triggered twice? Route to /admin was triggered and got 200 OK status, but I never got to see it. If I manually enter it to the browser however, it will lead me to the admin dashboard.
I tried to implement role base authentication. Authentication is done correctly. If the user is admin only then he can register a new employee. But the matter is the data put into registration form is not saved to database. Route redirections are correct but data is not saved. I am using builtin auth system of laravel 5.2.
Route:: get('/register',['middleware'=> 'roles', function(){
return view('auth.register');
}]);
middleware:
public function handle($request, Closure $next)
{
if ($request->user()==null)
{
return redirect('/login');
}
if (!$request->user()->isAdmin()){
return redirect('books');
}
return $next($request);
}
}
User Model:
public function roles(){
return $this->belongsToMany('App\Role','roles_users', 'user_id', 'role_id');
}
public function isAdmin() {
return in_array(2, $this->roles()->pluck('role_id')->all());
}
if I remove the middleware then the registered data is saved properly.
I solved my problem. In built in AuthController there is a constructor with predefined middleware. Deleted it. My code works as I wanted.