Hello, I have 2 levels of users:
1. Super admin, who is able to see and do everything
2. TD, who is able to only see stuff and not change anything
I made 2 middleware:
1 auth.superadmin and 1 auth.td
My routes:
Route::group(['middleware' => ['auth.superadmin']], function() {
    Route::get('/users/{id}/destroy', 'UsersController@destroy');
    Route::get('/searchuser', 'UsersController@searchuser');
    Route::get('/users/create-worker', 'UsersController@getcreateworker');
    Route::post('/users/post-create-worker', 'UsersController@postcreateworker');
    Route::get('/users/create-agent', 'UsersController@getcreateagent');
    Route::post('/users/post-create-agent', 'UsersController@postcreateagent');
    Route::get('/users-optima', 'UsersController@indexoptima');
    Route::resource('/users', 'UsersController');
    Route::patch('/retours/{id}/postupdatefill', 'RetoursController@postupdatefill');
    Route::get('/retours/{retourid}/addpart/{partid}', 'RetoursController@addpart');
    Route::get('/retours/{retourid}/remove/{partid}', 'RetoursController@removepart');
    Route::post('/retours/{retourid}/garantie', 'RetoursController@postonderdeelgarantie');
    Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
    Route::get('/searchpart', 'PartsController@searchpart');
    Route::resource('/parts', 'PartsController');
});
Route::group(['middleware' => ['auth.td']], function() {
    Route::get('/users/{id}/destroy', 'UsersController@destroy');
    Route::get('/searchuser', 'UsersController@searchuser');
    Route::resource('/users', 'UsersController', ['only' => ['index']]);
    Route::patch('/retours/{id}/postupdatefill', 'RetoursController@postupdatefill');
    Route::get('/retours/{retourid}/addpart/{partid}', 'RetoursController@addpart');
    Route::get('/retours/{retourid}/remove/{partid}', 'RetoursController@removepart');
    Route::post('/retours/{retourid}/garantie', 'RetoursController@postonderdeelgarantie');
    Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
    Route::get('/searchpart', 'PartsController@searchpart');
    Route::resource('/parts', 'PartsController');
});
My middleware:
superadmin
if (auth()->check() && auth()->user()->level == 1) {
    return $next($request);
}
return abort(404, 'no entry to this page');
TD
if (auth()->check() && auth()->user()->level == 2) {
    return $next($request);
}
return abort(404, 'no entry to this page');
I tried beginning with /Users.
TD can only see the index at /Users.
When I do it this way the auth.superadmin cannot see index#/users...
Am I doing it wrong?
Any help is appreciated.
You can modify your routes and its groups like this:
Route::group(['middleware' => ['auth.td']], function() {
    Route::get('/users/{id}/destroy', 'UsersController@destroy');
    Route::get('/searchuser', 'UsersController@searchuser');
    Route::resource('/users', 'UsersController', ['only' => ['index']]);
    Route::patch('/retours/{id}/postupdatefill', 'RetoursController@postupdatefill');
    Route::get('/retours/{retourid}/addpart/{partid}', 'RetoursController@addpart');
    Route::get('/retours/{retourid}/remove/{partid}', 'RetoursController@removepart');
    Route::post('/retours/{retourid}/garantie', 'RetoursController@postonderdeelgarantie');
    Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
    Route::get('/searchpart', 'PartsController@searchpart');
    Route::resource('/parts', 'PartsController');
    Route::group(['middleware' => ['auth.superadmin']], function() {
        Route::get('/users/{id}/destroy', 'UsersController@destroy');
        Route::get('/searchuser', 'UsersController@searchuser');
        Route::get('/users/create-worker', 'UsersController@getcreateworker');
        Route::post('/users/post-create-worker', 'UsersController@postcreateworker');
        Route::get('/users/create-agent', 'UsersController@getcreateagent');
        Route::post('/users/post-create-agent', 'UsersController@postcreateagent');
        Route::get('/users-optima', 'UsersController@indexoptima');
        Route::resource('/users', 'UsersController');
        Route::patch('/retours/{id}/postupdatefill', 'RetoursController@postupdatefill');
        Route::get('/retours/{retourid}/addpart/{partid}', 'RetoursController@addpart');
        Route::get('/retours/{retourid}/remove/{partid}', 'RetoursController@removepart');
        Route::post('/retours/{retourid}/garantie', 'RetoursController@postonderdeelgarantie');
        Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
        Route::get('/searchpart', 'PartsController@searchpart');
        Route::resource('/parts', 'PartsController');
    });
});
and your auth:td middleware should be like this:
if (auth()->check() && (auth()->user()->level == 1 || auth()->user()->level == 2)) {
    return $next($request);
}
return abort(404, 'no entry to this page');
Just for your knowledge, you can also remove the outer middleware (auth:td), as both users can use the routes under it. But I haven't done that because I think you have more users in your system.
Hope this helps!
I have a project which has multiple subdomains.
For example, I have a subdomain for Students which goes to a student controller and it looks like this:
Route::domain('students.domain.test')->group(function () {
    Route::get('/', function () {
        return "done reaching the students page";
    });
});
The second type of domains is "domain.test" and any subdomain which I'm checking in the request level and that's fine too.
Route::get('/', [HomeController::class, 'index'])->name('index');
But before the second type of domains I want to make subdomain for specific types of Entities which I have in the database.
Route::domain('{someTypes}.domain.test')
    ->group(function () {
        Route::get('/', function () {
            return "done reaching SomeTypes Page";
        });
    });
My Entity table have these attributes: Id, Title, Type "which I want to check if the type is 5".
I tried to use the middleware:
public function handle($request, Closure $next, ...$types)
{
    $currentEntity = app('current_entity');
    if ($currentEntity->entityType()->whereIn('title->en', $types)->exists()) {
        return $next($request);
    }
    abort(404, 'Sorry, Request Not Found');
}
and I applied it to my routes like this:
Route::group([
    'middleware' => ['type:journal']
], function () {
    Route::get('/', function () {
        return 'journals logic goes here';
    });
});
and I have another middleware to ignore types like this:
public function handle($request, Closure $next, ...$types)
{
    $currentEntity = app('current_entity');
    if ($currentEntity->entityType()->whereIn('title->en', $types)->exists()) {
        abort(404, 'Sorry, Request Not Found');
    }
    return $next($request);
}
and applied it to the other routes like this:
Route::group([
    'middleware' => ['except_entity:journal']
], function () {
    Route::get('/', function () {
        return 'default pages when journals fails';
    })->name('index');
});
I hope it's clear what I'm trying to achieve.
First, you need to check: what version of Laravel are you using?
You need to use middleware. And I think the way to code it with Laravel 6, 7, or 8 is a little bit different.
Can you give us more information about your code, so we can help more easily?
In my application there are three routes which can be accessed by the admin and superadmin middleware, but these routes are only working in one middleware, i.e. the superadmin middleware.
This is my routes file. What am I doing wrong here?
// Admin Routes
Route::middleware(['admin'])->group(function () {
    Route::get('admin', 'AdminController@index');
    Route::get('admin/members', 'AdminController@members');
    Route::get('admin/members/all', 'AdminController@membersAll');
    Route::get('admin/members/unpaid', 'AdminController@membersUnpaid');
    Route::post('admin/members/all', 'AdminController@membersAllAjax');
    Route::get('admin/member/detail/{id}', 'AdminController@memberDetails')
        ->name('memberdetails');
    Route::get('admin/member/remove/{id}', 'AdminController@memberRemove');
    Route::get('admin/member/block/{id}', 'AdminController@memberBlock');
    Route::get('admin/member/unblock/{id}', 'AdminController@memberunBlock');
    Route::post('admin/member/ajax', 'AdminController@memberunAjax');
    Route::get('admin/member/add', 'AdminController@addMember');
    Route::post('admin/member/add', 'AdminController@addMemberDB');
    Route::post('admin/send/message/all', 'AdminController@sendMessageAll');
    Route::post('admin/send/message/single', 'AdminController@sendMessageSingle');
    Route::post('admin/update/invoice', 'AdminController@updateInvoice');
    Route::post('admin/user/to/member', 'AdminController@addUserMemberDB');
    Route::get('admin/activities', 'AdminController@activities');
    Route::post('admin/activities', 'AdminController@activitiesAdd');
    Route::get('admin/donation', 'AdminController@donation');
    Route::post('admin/edit/user/profile', 'AdminController@editUser');
});
// Admin and SubAdmin Routes
Route::middleware(['superadmin'])->group(function () {
    Route::get('admin/members/all', 'AdminController@membersAll');
    Route::post('admin/members/all', 'AdminController@membersAllAjax');
    Route::get('admin/member/detail/{id}', 'AdminController@memberDetails')
        ->name('memberdetails');
    Route::get('subAdmin', 'SuperAdminController@index');
});
Rewrite your routes using Route::group
Route::group(['prefix' => 'admin', 'middleware' => 'admin'], function () {
    Route::get('/', 'AdminController@index');
    Route::group(['prefix' => 'member'], function () {
        Route::get('remove/{id}', 'AdminController@memberRemove');
        Route::get('block/{id}', 'AdminController@memberBlock');
        Route::get('unblock/{id}', 'AdminController@memberunBlock');
        // Paths are relative to the admin/member prefix of the enclosing groups
        Route::post('ajax', 'AdminController@memberunAjax');
        Route::get('add', 'AdminController@addMember');
        Route::post('add', 'AdminController@addMemberDB');
        Route::group(['middleware' => 'superadmin'], function () {
            Route::get('detail/{id}', 'AdminController@memberDetails')
                ->name('memberdetails');
        });
    });
    Route::group(['prefix' => 'members'], function () {
        Route::get('/', 'AdminController@members');
        Route::get('unpaid', 'AdminController@membersUnpaid');
        Route::get('detail/{id}', 'AdminController@memberDetails')
            ->name('memberdetails');
        Route::group(['middleware' => 'superadmin'], function () {
            Route::get('all', 'AdminController@membersAll');
            Route::post('all', 'AdminController@membersAllAjax');
        });
    });
    Route::group(['prefix' => 'send/message'], function () {
        Route::post('all', 'AdminController@sendMessageAll');
        Route::post('single', 'AdminController@sendMessageSingle');
    });
    Route::group(['prefix' => 'activities'], function () {
        Route::get('/', 'AdminController@activities');
        Route::post('/', 'AdminController@activitiesAdd');
    });
    Route::post('update/invoice', 'AdminController@updateInvoice');
    Route::post('user/to/member', 'AdminController@addUserMemberDB');
    Route::get('donation', 'AdminController@donation');
    Route::post('edit/user/profile', 'AdminController@editUser');
});
The second configuration of the route Route::get('admin/members/all'), which needs to validate the superadmin middleware, overwrites the first one, which only needs to satisfy the admin middleware.
If you try to access that route with superadmin privilege, it will work.
Now, if you want both admin and superadmin to access it, put only one configuration in the admin middleware group, if the superadmin satisfies it too.
// Admin and SuperAdmin Routes
Route::group(['middleware' => ['admin']], function() {
    Route::get('admin', 'AdminController@index');
    Route::get('admin/members', 'AdminController@members');
});
// only SuperAdmin Routes
Route::group(['middleware' => ['superadmin']], function() {
    Route::get('admin/members/all', 'AdminController@membersAll');
});
Otherwise, make another middleware adminAndSuperAdmin for those routes.
// Admin only Routes
Route::group(['middleware' => ['admin']], function() {
    Route::get('admin', 'AdminController@index');
});
// superAdmin only Routes
Route::group(['middleware' => ['superadmin']], function() {
    Route::get('subAdmin', 'SuperAdminController@index');
});
// Admin and SuperAdmin Routes
Route::group(['middleware' => ['adminAndSuperAdmin']], function() {
    Route::get('admin/members', 'AdminController@members');
    Route::get('admin/members/all', 'AdminController@membersAll');
});
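The overwrite described in this answer, which is also what hides the /users index from the super admin in the first question on this page, modelled as an added example (not code from any of the posts or from Laravel). The RouteTable class and the two role checks are assumptions of the sketch: routes are keyed by HTTP method and URI, so a second registration of the same key replaces the first together with its middleware.

```php
<?php
// Added illustration, not Laravel's code: a route table keyed by "METHOD uri".
// Assumption: the 'admin' check passes only the admin role and 'superadmin'
// passes only the superadmin role (the page does not show either middleware).
final class RouteTable
{
    private array $routes = [];     // "GET uri" => middleware names in force
    public array $overwritten = []; // keys registered twice with different middleware
    private array $stack = [];      // middleware of the enclosing groups

    public function group(array $middleware, callable $body): void
    {
        $outer = $this->stack;
        $this->stack = array_merge($outer, $middleware);
        $body($this);
        $this->stack = $outer;
    }

    public function get(string $uri): void
    {
        $key = 'GET ' . trim($uri, '/');
        if (isset($this->routes[$key]) && $this->routes[$key] !== $this->stack) {
            $this->overwritten[$key] = ['was' => $this->routes[$key], 'now' => $this->stack];
        }
        $this->routes[$key] = $this->stack; // the last registration wins
    }

    public function allows(string $uri, string $role, array $checks): bool
    {
        $names = $this->routes['GET ' . trim($uri, '/')] ?? null;
        foreach ($names ?? [] as $name) {
            if (!$checks[$name]($role)) {
                return false;
            }
        }
        return $names !== null; // an unregistered route is never allowed
    }
}

$checks = [
    'admin'      => fn (string $role): bool => $role === 'admin',
    'superadmin' => fn (string $role): bool => $role === 'superadmin',
];

// Layout from the question: the same URI registered in two sibling groups.
$table = new RouteTable();
$table->group(['admin'], function (RouteTable $r): void {
    $r->get('admin/members');
    $r->get('admin/members/all');
});
$table->group(['superadmin'], function (RouteTable $r): void {
    $r->get('admin/members/all');
});

foreach (['admin', 'superadmin'] as $role) {
    printf("%-10s GET admin/members/all: %s\n", $role,
        $table->allows('admin/members/all', $role, $checks) ? 'allowed' : 'denied');
}
print_r($table->overwritten);
```

Any key that ends up in the overwritten list is a URI whose effective middleware depends on declaration order. Nesting does not avoid this: a URI registered in an outer group and again in an inner group keeps only the inner, stricter stack.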
In the routes app/routes/web.php I have a group with a bunch of routes for resources:
Route::group(['middleware' => 'auth'], function()
{
    Route::get('/points', 'PagesController@points');
    Route::get('/users', 'PagesController@users');
    Route::get('/users/groups', 'PagesController@user_groups');
    Route::resource('point', 'PointController');
    Route::resource('user', 'UserController');
    Route::resource('users/group', 'UserGroupController');
});
Auth::routes();
Route::get('/logout', 'Auth\LoginController@logout')->name('logout');
And now I want to distribute routes in this group by user parameter:
use App\UserGroup;
$access = UserGroup::find( auth()->user()->group_id )->access;
Route::group(['middleware' => 'auth'], function()
{
    if ($access == 1) {
        Route::get('/points', 'PagesController@points');
        Route::get('/users', 'PagesController@users');
        Route::get('/users/groups', 'PagesController@user_groups');
        Route::resource('point', 'PointController');
        Route::resource('user', 'UserController');
        Route::resource('users/group', 'UserGroupController');
    }
});
But I can't get user params right in the Route::group because an error occurs: Trying to get property 'group_id' of non-object
How to get auth()->user()->group_id in app/routes/web.php before middleware?
Use $access param in callback
$access = UserGroup::find( auth()->user()->group_id )->access;
Route::group(['middleware' => 'auth'], function() use ($access)
{
    if ($access == 1) {
        Route::get('/points', 'PagesController@points');
        Route::get('/users', 'PagesController@users');
        Route::get('/users/groups', 'PagesController@user_groups');
        Route::resource('point', 'PointController');
        Route::resource('user', 'UserController');
        Route::resource('users/group', 'UserGroupController');
    }
});
You can create middleware 'GroupAccess'. Then assign it to an alias, i.e.
'groupAccess' => \App\Http\Middleware\GroupAccess::class
Finally, in its handle method, check your condition
public function handle($request, Closure $next)
{
    if (UserGroup::find( auth()->user()->group_id )->access === 1)
        return $next($request);
    else
        return back();
}
Then just specify this middleware in route group
Route::group(['middleware' => ['auth','groupAccess']], function()
{
    Route::get('/points', 'PagesController@points');
    Route::get('/users', 'PagesController@users');
    Route::get('/users/groups', 'PagesController@user_groups');
    Route::resource('point', 'PointController');
    Route::resource('user', 'UserController');
    Route::resource('users/group', 'UserGroupController');
});
Goal: I want to make a route filter in Laravel 4 using Route::group and Route::filter
Description
I have 2 types of user:
Internal
Distributor
For Internal, I have 2 groups:
admin
regular
For Distributor, I have 4 groups:
gold
silver
bronze
oem
Eligible Route
OEM Distributors are eligible for only 5 routes.
Route::get('distributors/{id}', array('before' => 'profile', 'uses' => 'DistributorController@show'));
Route::get('distributors/{id}/edit', 'DistributorController@edit');
Route::put('distributors/{id}/update', array('as' => 'distributors.update', 'uses' => 'DistributorController@update'));
Route::get('catalog_downloads', 'CatalogDownloadController@index');
Route::get('catalog_downloads/{id}/download', 'CatalogDownloadController@file_download');
Regular Distributors are eligible for 8 routes.
Route::get('distributors/{id}', array('before' => 'profile', 'uses' => 'DistributorController@show'));
Route::get('distributors/{id}/edit', 'DistributorController@edit');
Route::put('distributors/{id}/update', array('as' => 'distributors.update', 'uses' => 'DistributorController@update'));
Route::get('catalog_downloads', 'CatalogDownloadController@index');
Route::get('catalog_downloads/{id}/download', 'CatalogDownloadController@file_download');
Route::get('marketing_materials', 'MarketingMaterialController@index');
Route::get('marketing_materials/{id}/download/thumb_path', 'MarketingMaterialController@thumb_download');
Route::get('marketing_materials/{id}/download/media_path', 'MarketingMaterialController@media_download');
Code
filters.php
routes.php.
Questions
Can someone please help me or at least point me in the right direction?
First off: It's not possible to declare a route that results in the same URL twice, whether it's in a group or not. (Well, if you have a group with a prefix it's possible, because a prefix changes the URL of the route.)
You have to solve this problem by intelligent filtering.
This is the simplest solution I've come up with:
Route::filter('distributor', function(){
    $user = Auth::user();
    if($user->type == "Distributor"){
        return true;
    }
    if (Request::ajax()){
        return Response::make('Unauthorized', 404);
    }
    return View::make('errors.404_auth');
});
Route::filter('distributor.regular', function(){
    $user = Auth::user();
    if($user->type == "Distributor"){
        if($user->distributor()->type != 'OEM'){
            return true;
        }
    }
    if (Request::ajax()){
        return Response::make('Unauthorized', 404);
    }
    return View::make('errors.404_auth');
});
The distributor filter checks just if the user is of type Distributor. The second filter, distributor.regular, checks if the distributor is not an OEM. (If you're wondering, the dot in distributor.regular has no special function or deeper meaning. I just like to write it like that)
Route::group(['before' => 'distributor'], function(){
    Route::get('distributors/{id}', array('before' => 'profile', 'uses' => 'DistributorController@show'));
    Route::get('distributors/{id}/edit', 'DistributorController@edit');
    Route::put('distributors/{id}/update', array('as' => 'distributors.update', 'uses' => 'DistributorController@update'));
    Route::get('catalog_downloads', 'CatalogDownloadController@index');
    Route::get('catalog_downloads/{id}/download', 'CatalogDownloadController@file_download');
    Route::group(['before' => 'distributor.regular'], function(){
        Route::get('catalog_downloads', 'CatalogDownloadController@index');
        Route::get('catalog_downloads/{id}/download', 'CatalogDownloadController@file_download');
        Route::get('marketing_materials', 'MarketingMaterialController@index');
        Route::get('marketing_materials/{id}/download/thumb_path', 'MarketingMaterialController@thumb_download');
        Route::get('marketing_materials/{id}/download/media_path', 'MarketingMaterialController@media_download');
    });
});
This should already work with the use-cases you posted. However we can make the filters more flexible and also reduce redundant code.
function makeError404(){
    if (Request::ajax()){
        return Response::make('Unauthorized', 404);
    }
    return View::make('errors.404_auth');
}
Route::filter('distributor', function(){
    $user = Auth::user();
    if($user->type == "Distributor"){
        return true;
    }
    return makeError404();
});
Route::filter('distributor.group', function($route, $request, $value){
    $groups = explode(';', $value);
    $user = Auth::user();
    if($user->type == "Distributor"){
        if(in_array($user->distributor()->type, $groups)){
            return true;
        }
    }
    return makeError404();
});
Now we can dynamically specify in which group the user has to be...
Route::group(['before' => 'distributor'], function(){
    // distributor routes
    Route::group(['before' => 'distributor.group:gold;silver;bronze'], function(){
        // regular routes
    });
});
You can follow a path like this
class UserController extends BaseController {
    /**
     * Instantiate a new UserController instance.
     */
    public function __construct()
    {
        $this->beforeFilter('employee', array('only' => 'index'));
    }
}
I am having trouble getting filters to work in Laravel 4.
Here is my code:
/**
 * filters.php
 **/
Route::filter('isAdmin', function()
{
    if (Auth::check())
    {
        if(Auth::user()->level == 'User')
            return Redirect::to('/');
    }
    return Redirect::to('/auth/login');
});
Route::when('admin/*', 'isAdmin');
/**
 * routes.php
 **/
Route::get('admin/home', 'AdminController@home');
Route::get('admin', 'AdminController@home');
I don't understand why this filter doesn't work. This filter is totally ignored in route /admin/*. I want that only a logged admin can see the admin panel.
It's because of the slash, your filter is working with 'admin/home' but not with 'admin' route. Write this for both routes to be filtered.
Route::when('admin*', 'isAdmin');
or better
Route::group(array('prefix' => 'admin', 'before' => 'isAdmin'), function()
{
    Route::get('home', 'AdminController@home');
    Route::get('/', 'AdminController@home');
});
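How the two patterns in this answer cover the routes, as an added example that is not part of the original posts. The matcher is an assumption that treats `*` as any run of characters, everything else as literal, and anchors the pattern at both ends; the third path is a hypothetical public route.

```php
<?php
// Added illustration, not framework code. Assumption: a pattern filter is
// matched against the request path with "*" meaning any run of characters
// and everything else literal, anchored at both ends.

function patternMatches(string $pattern, string $path): bool
{
    if ($pattern === $path) {
        return true;
    }
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#', $path) === 1;
}

// Returns, per route path, the filters whose pattern covers it.
function filterCoverage(array $patternFilters, array $paths): array
{
    $coverage = [];
    foreach ($paths as $path) {
        $coverage[$path] = [];
        foreach ($patternFilters as $pattern => $filter) {
            if (patternMatches($pattern, $path)) {
                $coverage[$path][] = $filter;
            }
        }
    }
    return $coverage;
}

// Constructed route list: the two routes from the question plus one
// hypothetical public route that merely starts with the same letters.
$paths = ['admin', 'admin/home', 'administrators/contact'];

foreach (['admin/*', 'admin*'] as $pattern) {
    echo "Pattern {$pattern}\n";
    foreach (filterCoverage([$pattern => 'isAdmin'], $paths) as $path => $filters) {
        echo '  ' . str_pad($path, 24) . ($filters ? implode(',', $filters) : 'NO FILTER') . "\n";
    }
}
```

The looser pattern closes the gap on the bare `admin` path but also covers any path that merely starts with those letters, which is why the prefix group in the answer is the tighter choice.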