I am using Laravel QuickAdmin to create an admin section:
https://github.com/LaravelDaily/quickadmin
It allows creating roles and users based on roles. How can I redirect users of a specific role to the website and not the admin?
Many thanks
Change the following in the middleware:
public function handle($request, Closure $next)
{
    if ($request->user() != null && $request->user()->permissionCan($request)) {
        return $next($request);
    }
    abort(403);
    return false;
}
to (alter "specific role" and "your route" as you wish):
public function handle($request, Closure $next)
{
    if ($request->user() != null && $request->user()->permissionCan($request)) {
        // Decide before calling $next() so the admin action never runs for this role,
        // and return the redirect: a redirect that is not returned is discarded
        if ($request->user()->role() == 'specific role') {
            return redirect()->route('your route');
        }
        return $next($request);
    }
    abort(403);
    return false;
}
I'm trying to implement a middleware in Laravel 5.8 which checks if a value is true for a model Customer. I want the app routes to redirect to a route ('login'); for the api routes I want to give a 401 response. I think I'm overlooking something.
This is my middleware, which works for the app routes, but I can't get the middleware to handle the unauthorized requests ($user['dropshipping'] === false) correctly.
public function handle($request, Closure $next)
{
    $user = Auth::user();
    if ($user instanceof Customer) {
        if ($user->guard(['web'])['dropshipping']) {
            return $next($request);
        } elseif ($user->guard(['customer-api'])['dropshipping']) {
            return $next($request);
        } else {
            return redirect(route('login'))->with('error', 'Account not activated, please contact TWM BV.');
        }
    } else {
        return $next($request);
    }
}
Guards are associated with Auth, not with users.
So you can use Auth::guard('guard-name') or auth()->guard('guard'):
public function handle($request, Closure $next)
{
    $user = Auth::user();
    if ($user instanceof Customer) {
        // The guard this request did not authenticate with returns null from user();
        // optional() keeps the property read from raising an error in that case
        if (optional(auth()->guard('web')->user())->dropshipping) {
            return $next($request);
        } elseif (optional(auth()->guard('customer-api')->user())->dropshipping) {
            return $next($request);
        } else {
            return redirect(route('login'))->with('error', 'Account not activated, please contact TWM BV.');
        }
    } else {
        return $next($request);
    }
}
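The question asks for a redirect on app routes and a 401 on API routes; one way to get both from a single middleware is to pass the guard name as a middleware parameter. This is an added example, not code from the original posts: the class name EnsureDropshipping, the 'dropshipping' alias and the App\Customer namespace are assumptions, and unlike the code above it denies unauthenticated requests.

```php
<?php

namespace App\Http\Middleware;

use App\Customer; // assumption: the Customer model from the question lives in App\
use Closure;
use Illuminate\Support\Facades\Auth;

// Hypothetical middleware: register it in Kernel.php under an alias such as
// 'dropshipping' and attach it as 'dropshipping:web' or 'dropshipping:customer-api'.
class EnsureDropshipping
{
    public function handle($request, Closure $next, $guard = 'web')
    {
        // Read the user only from the guard that protects this route group.
        $user = Auth::guard($guard)->user();

        // Allowed: an authenticated user who is either not a Customer (same rule
        // as the question) or a Customer with the dropshipping flag set.
        $allowed = $user !== null
            && (!($user instanceof Customer) || $user->dropshipping);

        if ($allowed) {
            return $next($request);
        }

        // Denied, including guests: API callers get a status code they can
        // act on, browsers are sent to the login route with a flash message.
        if ($guard === 'customer-api' || $request->expectsJson()) {
            return response()->json(['error' => 'Account not activated.'], 401);
        }

        return redirect()->route('login')
            ->with('error', 'Account not activated, please contact TWM BV.');
    }
}
```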
Instead of the laravel multi auth I am using my own (primitive) method to have admin users.
I just have an extra table in the database called PAdmin and in this table I have the id's of the admin users.
When I log in to the application I want to redirect the admin users to another page instead of the home page.
For that reason, I went to Http\Middleware\RedirectIfAuthenticated and changed the code from this:
public function handle($request, Closure $next, $guard = null)
{
    if (Auth::guard($guard)->check()) {
        return redirect('/home');
    }
    return $next($request);
}
I changed it to this:
public function handle($request, Closure $next, $guard = null)
{
    $user_id = Auth::id();
    $isAdmin = PAdmin::where('user_id', $user_id)->get()->isEmpty(); // returns 'true' if empty
    if (Auth::guard($guard)->check() && $isAdmin) { // if $isAdmin is TRUE it means that the user is not admin
        return redirect('/home');
    } elseif (Auth::guard($guard)->check() && !($isAdmin)) { // if $isAdmin is FALSE it means that the user is admin
        return redirect('/admin');
    }
    return $next($request);
}
The idea is simple - if there is a record with the user's ID in the PAdmin table $isAdmin will be false and the elseif will execute.
Unfortunately this isn't working and I don't know why.
Maybe this isn't the right way to do it at all.
Can someone help me get this right.
P.S. I don't want to use multi auth.
public function handle($request, Closure $next, $guard = null)
{
    if (Auth::guard($guard)->check()) {
        if (PAdmin::where('user_id', Auth::id())->first() != null) return redirect('/admin');
        return redirect('/home');
    }
    return $next($request);
}
More clear and easier.
I created two middleware called "MustBeAdmin" and "MustBeUser" to make sure that, depending on the user login, I redirect them to the right page and restrict unauthorized content. Currently everything is working fine and redirects work well too. But the logic I wrote behind the scenes seems wrong to me and it's weird it still works. If I write the logic that seems right to me at least, it does not seem to work as expected.
Users table
id (1,2,3,...)
name
role (1,2,3,...)
Roles table
id (1,2,3,...)
role (Student, Admin,...)
MustBeAdmin middleware
public function handle($request, Closure $next)
{
    if ($request->user()->role == 2)
    {
        return $next($request);
    }
    else
    {
        return redirect('/admin/users');
    }
}
MustBeUser middleware:
public function handle($request, Closure $next)
{
    if ($request->user()->role == 1)
    {
        return $next($request);
    }
    else
    {
        return redirect('/admin/users');
    }
}
kernel.php
'admin' => \App\Http\Middleware\MustBeAdmin::class,
'user' => \App\Http\Middleware\MustBeUser::class,
As you can see I have registered middlewares in kernel.
I am getting results exactly what I need but I doubt if the logic in middleware is correct?
1 = Student
2 = Admin
If you look at the MustBeAdmin middleware, I am comparing if the user role is 2 (Admin) then do next($request), and in the MustBeUser middleware I am comparing if the user role is 1 (Student) then do next($request), and I set else to the /Admin directory.
I feel it's wrong, what do you think?
You are not checking the authenticated user's details in your middleware. The middleware should be something like:
// for student
public function handle($request, Closure $next)
{
    if ( Auth::check() && Auth::user()->role == 1 )
    {
        return $next($request);
    }
    return redirect('/admin');
}
// for admin
public function handle($request, Closure $next)
{
    if ( Auth::check() && Auth::user()->role == 2 )
    {
        return $next($request);
    }
    return redirect('/student');
}
You should check my detailed answer on the same topic here
Yes, it can be handled in one common file.
Here is the code:
public function handle($request, Closure $next)
{
    // Handle guests first: a guest has no User row, so reading $user->roles would fail
    if (!Auth::user()) {
        if ($request->ajax()) {
            return response('Unauthorized.', 401);
        } else {
            return redirect()->guest('admin-panel/auth/login');
        }
    }
    // Collect the ids of the roles attached to the logged-in user
    $user = User::find(Auth::id());
    $roles = [];
    foreach ($user->roles as $key => $value) {
        array_push($roles, $value->pivot->role_id);
    }
    // The first URI segment decides which role the route requires
    $routeName = Route::getFacadeRoot()->current()->uri();
    $route = explode('/', $routeName);
    if ($route[0] == "teacher") {
        if (in_array(2, $roles)) {
            return $next($request);
        } else {
            return response('Unauthorized.', 401);
        }
    } elseif ($route[0] == "student") {
        if (in_array(1, $roles)) {
            return $next($request);
        } else {
            return response('Unauthorized.', 401);
        }
    } elseif ($route[0] == "admin") {
        if (Auth::user()->admin == 1) {
            return $next($request);
        } else {
            return response('Unauthorized.', 401);
        }
    }
    // Any other prefix is open to every authenticated user
    return $next($request);
}
You can alter the logic according to your need.
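In the middleware above, any prefix that is not listed falls through to $next() for every authenticated user. The sketch below is an added example, not code from the original answer: it shows a stricter, deny-by-default variant of the same prefix-to-role dispatch in plain PHP, where the function name, the $user array shape and the sample requests are constructed for illustration.

```php
<?php
// Plain PHP, no Laravel. Role ids (1 = student, 2 = teacher) follow the answer
// above; everything else here is constructed for illustration.

const PREFIX_RULES = [
    'student' => ['role' => 1],
    'teacher' => ['role' => 2],
    'admin'   => ['admin' => true],
];
const PUBLIC_PREFIXES = ['admin-panel']; // login pages must be listed explicitly

function authorize(?array $user, string $uri): int
{
    $prefix = explode('/', ltrim($uri, '/'))[0];

    if (in_array($prefix, PUBLIC_PREFIXES, true)) {
        return 200;
    }
    if ($user === null) {
        return 401; // guest: no identity to check
    }
    if (!array_key_exists($prefix, PREFIX_RULES)) {
        return 403; // prefix nobody wrote a rule for: deny instead of passing
    }
    $rule = PREFIX_RULES[$prefix];
    if (isset($rule['admin'])) {
        return $user['admin'] === true ? 200 : 403;
    }
    // Strict comparison so '2' or true never matches role id 2 by coercion
    return in_array($rule['role'], $user['roles'], true) ? 200 : 403;
}

// Constructed sample requests: guest and student against each kind of prefix
$student = ['admin' => false, 'roles' => [1]];
$requests = [
    [null,     'admin-panel/auth/login'],
    [null,     'teacher/grades'],
    [$student, 'student/profile'],
    [$student, 'teacher/grades'],
    [$student, 'reports/export'],
];
foreach ($requests as [$user, $uri]) {
    printf("%-8s %-24s -> %d\n", $user ? 'student' : 'guest', $uri, authorize($user, $uri));
}
```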
I created a middleware to check if a user is admin or editor, but for some reason in my if statement, when I use the OR operator to check if the user has access, it doesn't work: it accepts the first property statement, but not the one after the OR operator.
To make it work I need to separate each condition of account type.
For example:
Code that doesn't work:
public function handle($request, Closure $next)
{
    if (Auth::user()->account_type_id == '1' || Auth::user()->account_type_id == '2') // is an admin
    {
        return $next($request); // pass the admin
    }
    return redirect('/admin'); // not admin. redirect wherever you like
}
Code that works:
public function handle($request, Closure $next)
{
    // dd($request->all());
    if (Auth::user()->account_type_id == '1') // is an admin
    {
        return $next($request); // pass the admin
    }
    if (Auth::user()->account_type_id == '2') // is an admin
    {
        return $next($request); // pass the admin
    }
    return redirect('/admin'); // not admin. redirect wherever you like
}
Does anybody know what's wrong?
I would create an array and check the condition against the array of possible solutions.
public function handle($request, Closure $next)
{
    $accountTypes = array('1', '2');
    if (in_array(Auth::user()->account_type_id, $accountTypes)) {
        return $next($request); // pass the admin
    }
    return redirect('/admin'); // not admin
}
Try using the in_array function, this will also make your code more readable and easy to maintain.
public function handle($request, Closure $next)
{
    if (in_array(Auth::user()->account_type_id, ['1', '2'])) // is an admin
    {
        return $next($request); // pass the admin
    }
    return redirect('/admin'); // not admin. redirect wherever you like
}
I don't know why the second one works, but here is mine and it works fine; give it a try:
public function handle($request, Closure $next)
{
    $user = $request->user();
    if ($user->role == 1 || $user->role == 2) {
        return $next($request);
    }
    else {
        return redirect(url('/admin'));
    }
}
I want to show a 404 error page if the user tries to access the admin page when he is not logged in or doesn't have the 'Admin' type. This works fine if the user is logged in; if not, the user gets access to the admin panel. If I remove the if(Auth::check()) the script shows a "Trying to get property of non-object" error.
class AdminMiddleware {
    public function handle($request, Closure $next)
    {
        if (Auth::check()) {
            if ($request->user()->type != 'Admin') {
                return abort(404);
            }
        }
        return $next($request);
    }
}
Try this:
class AdminMiddleware {
    public function handle($request, Closure $next)
    {
        if (Auth::check()) {
            if ($request->user()->type != 'Admin') {
                return abort(404);
            }
        } else {
            return abort(404);
        }
        return $next($request);
    }
}
It should check if the user is logged in and, if so, check if he's an admin; if he's not logged in, show him the 404,
or a shorter version:
class AdminMiddleware {
    public function handle($request, Closure $next)
    {
        if (Auth::check() && $request->user()->type == 'Admin') {
            return $next($request);
        }
        return abort(404);
    }
}