Restrict access to admins with laravel hesto / multiauth - php

I've been creating authentication for users and for admins with Laravel Hesto / Multi-Auth...
I've also created other views that can be reached only by admins. I also created the routes to access those pages...
Route::group(['prefix' => 'admin'], function () {
    Route::get('/', function () {
        return redirect('/admin/login');
    });
    Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
    Route::post('/login', 'AdminAuth\LoginController@login');
    Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');
    Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
    Route::post('/register', 'AdminAuth\RegisterController@register');
    Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
    Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
    Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
    Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');

    // Routes settings admin
    Route::resource('/settings/langs', 'Admin\LangController');

    // Route core application
    Route::resource('/mappings/sectors', 'Admin\SectorController');
});
My problem is that the routes for settings/langs and mappings/sectors can be reached by users who are not logged in... And those pages should be restricted...

Just wrap them in the auth middleware
Route::group(['prefix' => 'admin'], function () {
    Route::get('/', function () {
        return redirect('/admin/login');
    });
    Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
    Route::post('/login', 'AdminAuth\LoginController@login');
    Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');
    Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
    Route::post('/register', 'AdminAuth\RegisterController@register');
    Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
    Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
    Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
    Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');

    // Only authenticated requests reach the routes in this inner group
    Route::group(['middleware' => 'auth'], function () {
        // Routes settings admin
        Route::resource('/settings/langs', 'Admin\LangController');

        // Route core application
        Route::resource('/mappings/sectors', 'Admin\SectorController');
    });
});
This will prevent unauthenticated users from accessing those routes.
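The answer above checks the default guard. In a multi-auth setup the admins live on a separate guard, and a plain `auth` middleware is satisfied by any signed-in *user*, not only by an admin. The routes file below is an added example (not the poster's code and not what hesto/multi-auth generates); it assumes `config/auth.php` defines a guard named `admin` backed by the admins table, keeps the controller and route names from the question, and additionally moves `/admin/register` behind the admin guard, since as posted that route lets any visitor create an admin account.

```php
<?php
// Added example, not the original poster's code nor the hesto/multi-auth package's.
// Assumption: config/auth.php has an 'admin' guard (session driver, admins provider).
// Controller names are the ones from the question.

use Illuminate\Support\Facades\Route;

Route::group(['prefix' => 'admin'], function () {
    Route::get('/', function () {
        return redirect('/admin/login');
    });

    // Reachable only while nobody is signed in on the admin guard; an
    // already-authenticated admin is sent away from the login form.
    Route::group(['middleware' => 'guest:admin'], function () {
        Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
        Route::post('/login', 'AdminAuth\LoginController@login');
        Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
        Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
        Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
        Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');
    });

    // Everything below needs a session on the *admin* guard. 'auth' alone checks
    // the default (web) guard, so an ordinary logged-in user would get through;
    // 'auth:admin' rejects that session.
    Route::group(['middleware' => 'auth:admin'], function () {
        Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');

        // Creating further admin accounts is an admin-only action. Left outside this
        // group (as in the question) /admin/register is open to anyone. If the
        // scaffolded RegisterController applies a guest middleware in its constructor,
        // remove that line so a signed-in admin can reach the form.
        Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
        Route::post('/register', 'AdminAuth\RegisterController@register');

        Route::resource('/settings/langs', 'Admin\LangController');
        Route::resource('/mappings/sectors', 'Admin\SectorController');
    });
});
```

The route names are kept as in the question; in a real multi-auth application they will collide with the user-side `login`, `logout` and `register` names, so prefix them (for example `admin.login`) and make sure the admin guard's unauthenticated redirect points at the admin login page rather than the user one.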

laravel specify the routes for every role

I am trying to set up routing for different roles in my application but I am encountering an error. I want to know if the approach I am using is correct. I would like to specify the routes for each role and I am unsure if my method is the right one to achieve this.
This is my web.php file:
<?php

use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/

// guest pages
Route::get('/', function () {
    return redirect()->route('login');
});

Auth::routes();

Route::middleware('auth')->group(function () {
    Route::get('/home', [App\Http\Controllers\HomeController::class, 'index'])->name('home');

    Route::middleware('hasRole:Super Admin')->prefix('SuperAdmin')->group(function () {
        Route::prefix('users')->group(function () {
            // users routes
            Route::get('', [\App\Http\Controllers\UserController::class, 'index'])->name('users.index');
            Route::get('profile/{id}', [\App\Http\Controllers\ProfileController::class, 'show'])->name('profile.show');
            Route::put('profile/{id}', [\App\Http\Controllers\ProfileController::class, 'update'])->name('profile.update');
            Route::delete('/delete_user/{id}', [\App\Http\Controllers\UserController::class, 'destroy'])->name('users.destroy');
            Route::get('ajouter_utilisateur', [App\Http\Controllers\UserController::class, 'create'])->name('user.create');
            Route::post('ajouter_utilisateur', [App\Http\Controllers\UserController::class, 'store'])->name('user.store');
        });

        Route::prefix('fournisseurs')->name('fournisseur.')->group(function () {
            // fournisseurs routes
            Route::get('', [App\Http\Controllers\FournisseurController::class, 'index'])->name('index');
            Route::delete('{id}', [App\Http\Controllers\FournisseurController::class, 'destroy'])->name('destroy');
            Route::get('edit_fournisseur/{id}', [\App\Http\Controllers\FournisseurController::class, 'edit'])->name('edit');
            Route::put('fournisseurs/{id}', [\App\Http\Controllers\FournisseurController::class, 'update'])->name('update');
            Route::get('ajouter_fournisseur', [App\Http\Controllers\FournisseurController::class, 'create'])->name('create');
            Route::post('ajouter_fournisseur', [App\Http\Controllers\FournisseurController::class, 'store'])->name('store');
        });

        Route::prefix('factures')->name('facture.')->group(function () {
            // factures routes
            Route::get('', [App\Http\Controllers\FactureController::class, 'index'])->name('index');
            Route::delete('{id}', [App\Http\Controllers\FactureController::class, 'destroy'])->name('destroy');
            Route::get('ajouter_facture', [App\Http\Controllers\FactureController::class, 'create'])->name('create');
            Route::post('ajouter_facture', [App\Http\Controllers\FactureController::class, 'store'])->name('store');
            Route::get('download/{id}', [App\Http\Controllers\FactureController::class, 'downloadFacture'])->name('downloadFacture');
        });
    });

    Route::middleware('hasRole:Admin')->prefix('Admin')->group(function () {
        Route::prefix('users')->group(function () {
            // users routes
            Route::get('', [\App\Http\Controllers\UserController::class, 'index'])->name('users.index');
            Route::get('profile/{id}', [\App\Http\Controllers\ProfileController::class, 'show'])->name('profile.show');
            Route::put('profile/{id}', [\App\Http\Controllers\ProfileController::class, 'update'])->name('profile.update');
            Route::delete('/delete_user/{id}', [\App\Http\Controllers\UserController::class, 'destroy'])->name('users.destroy');
            Route::get('ajouter_utilisateur', [App\Http\Controllers\UserController::class, 'create'])->name('user.create');
            Route::post('ajouter_utilisateur', [App\Http\Controllers\UserController::class, 'store'])->name('user.store');
        });

        Route::prefix('fournisseurs')->name('fournisseur.')->group(function () {
            // fournisseurs routes
            Route::get('', [App\Http\Controllers\FournisseurController::class, 'index'])->name('index');
        });

        Route::prefix('factures')->name('facture.')->group(function () {
            // factures routes
            Route::get('', [App\Http\Controllers\FactureController::class, 'index'])->name('index');
            Route::get('download/{id}', [App\Http\Controllers\FactureController::class, 'downloadFacture'])->name('downloadFacture');
        });
    });
});
And with this solution I get the error message
Optimization failed (See output console for more details)
Can someone help me find the solution for this issue or suggest the right way to do it?
For role management in Laravel I suggest you use "spatie/laravel-permission".
This is the documentation link:
https://spatie.be/docs/laravel-permission/v5/introduction
After installing this package you must create middleware for each role and then check those in web.php.

Bad path to API controller in Laravel

I have a Laravel structure like this:
app/
Http/
Controllers/
Api/
Auth/
RegisterController
and the API route:
// AUTH
Route::namespace('Api')->group(function () {
    Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail');
    Route::post('password/reset', 'Auth\ResetPasswordController@reset');
    Route::post('register', 'Auth\RegisterController@register');
});
But a POST request to http://domain.xx/api/register returns an internal error:
Class App\Http\Controllers\Api\Auth\RegisterController does not exist
in file...
I've tried pointing to '..\Auth\RegisterController@register' but I got the same error:
Class ..\Auth\RegisterController does not exist in file
It should be simple to fix lol... but... can you help me?
Routes Group
Route::group(['prefix' => 'api', 'namespace' => 'App\Http\Controllers'], function () {
    Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail');
    Route::post('password/reset', 'Auth\ResetPasswordController@reset');
    Route::post('register', 'Auth\RegisterController@register');
});
You can delete the folder App\Http\Controllers\Api; you can use a PREFIX on your group routes.
I fixed it
// AUTH
Route::namespace('Auth')->group(function () {
    Route::post('password/email', 'ForgotPasswordController@sendResetLinkEmail');
    Route::post('password/reset', 'ResetPasswordController@reset');
    Route::post('register', 'RegisterController@register');
});

Can't access Laravel admin panel

I'm new to the Laravel framework. I bought a project and installed it, but when I try to log in to the admin panel at localhost/admin/home it redirects me to the first page. Why is this? Is the problem in the authentication?
The template is adminLTE.
This is routes.php:
<?php

/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/

Route::group(['middleware' => ['web']], function () {
    Route::auth();

    Route::get('/', function () {
        // $user = Auth::user();
        // if ($user->id == 2) {
        return view('welcome');
        /* } else {
            echo "Site is being updated... Please wait a few minutes";
            die();
        } */
    });

    Route::post('/post_login', 'HomeController@post_login');
    Route::get('/admin/home', 'AdminController@index');
    Route::get('/contact', 'HomeController@contact');
});

Route::group(['middleware' => 'web'], function () {
    Route::get('/load_coup/{code}', 'HomeController@load_coup');
    Route::get('/get_coup_div/{code}', 'HomeController@get_coup_div');
    Route::get('/reset_coupon_div', 'HomeController@reset_coupon_div');
    Route::get('/validate_coup/{price}/{type}', 'HomeController@validate_coup');
    Route::get('/back', 'HomeController@back');
    Route::get('/save/{price}', 'HomeController@save');
    Route::get('/get_solde', 'HomeController@get_solde');
    Route::get('/bet_list', 'HomeController@bet_list');
    Route::get('/bet_list/{code}', 'HomeController@bet_details');
    Route::get('/coupon/{id}', 'HomeController@print_coupon');
    Route::get('/transaction/', 'HomeController@add_transaction');
    Route::post('/transaction/', 'HomeController@store_transaction');
    Route::get('/transaction_list/', 'HomeController@transaction_list');
    Route::get('/profile/', 'HomeController@profile');
    Route::post('/profile/', 'HomeController@edit_profile');
});

Route::group(['prefix' => 'admin', 'middleware' => ['web']], function () {
    // Route::auth();
    Route::get('/users', 'AdminController@user');
    Route::get('/users/{id}', 'AdminController@edit_user');
    Route::post('/update_user/', 'AdminController@update_user');
    Route::post('/add_transaction/', 'AdminController@add_transaction');
    Route::get('/match', 'AdminController@match');
    // Route::post('/match', 'AdminController@match');
    Route::get('/coupon', 'AdminController@coupon');
    Route::get('/coupons/{id}', 'AdminController@edit_coupon');
});
It looks like you don't have the admin or correction role. Because of that you are redirected to /.
Look at the post_login function in HomeController: there will be a return view or return redirect. You can change it to go to the view you wish.

Laravel 5.3 - set clear cache on middleware not working

I want to prevent the user from clicking the browser's back button. Whenever a user is logged in and clicks the browser's back button, the page redirects back to login, which is wrong. I created middleware, registered it in the kernel and used it in my routes as a group, but it's not working. Here's the code
MIDDLEWARE
<?php

namespace App\Http\Middleware;

use Closure;

class ClearCache
{
    // Runs after the route has produced its response and adds cache headers to it
    public function handle($request, Closure $next)
    {
        $response = $next($request);
        $response->headers->set('Cache-Control', 'no-cache, no-store, must-revalidate');

        return $response;
    }
}
KERNEL
protected $routeMiddleware = [
    ....
    // CUSTOM MIDDLEWARE GOES HERE
    'clear.cache' => \App\Http\Middleware\ClearCache::class,
];
ROUTES
<?php

Route::group(['middleware' => 'guest'], function () {
    Route::get('/', function () {
        return view('welcome');
    });
});

Auth::routes();

Route::group(['middleware' => 'auth'], function () {
    Route::group(['middleware' => 'clear.cache'], function () {
        Route::get('/home', 'HomeController@index');
    });
});
After logging in, when the user clicks the back button it redirects back to the login page. Logging out is fine. Any help? :(
You can define multiple middleware for one group:
Route::group(['middleware' => ['auth', 'clear.cache']], function () {
But by default Laravel redirects users to $redirectTo defined in your Auth controllers. I don't understand why you are trying to avoid the back click.

Skipping a middleware for a particular route inside a route group in Laravel

I want to skip the middleware for a particular route in a route group. How can I do this?
Route::group(['prefix' => 'testgroup', 'middleware' => ['login.oauth']], function () {
    Route::get('/', 'testController@index');
    Route::get('/api', 'testController@apiCall');
});
I want to skip the 'login.oauth' middleware for Route::get('/api', 'testController@apiCall').
Please keep in mind that the testgroup function must be accessible to all routes and the middleware function to a particular (some other) route in the same function.
Route::group(['prefix' => 'testgroup'], function () {
    Route::group(['middleware' => ['login.oauth']], function () {
        Route::get('/', 'testController@index');
    });
    Route::get('/api', 'testController@apiCall');
});
Just create a second group without the middleware:
Route::group(['prefix' => 'testgroup', 'middleware' => ['login.oauth']], function () {
    Route::get('/', 'testController@index');
});
Route::group(['prefix' => 'testgroup'], function () {
    Route::get('/api', 'testController@apiCall');
});
