i want to show a 404 error page if the user try to access to de admin page if he is not logged or if he dont have the 'Admin' type. This work fine if the user is logged in, if not the user access to the admin panel. If i remove the if(Auth::check()) the script shows a Trying to get property of non-object error.
class AdminMiddleware {
public function handle($request, Closure $next)
{
if(Auth::check()){
if ($request->user()->type != 'Admin'){
return abort(404);
}
}
return $next($request);
}
}
Try this
class AdminMiddleware {
public function handle($request, Closure $next)
{
if(Auth::check()){
if ($request->user()->type != 'Admin'){
return abort(404);
}
}else{
return abort(404);
}
return $next($request);
}
}
It should check if user is logged in and if so check if hes and admin, if hes not logged in show him the 404
or a shorter version
class AdminMiddleware {
public function handle($request, Closure $next)
{
if(Auth::check() && $request->user()->type == 'Admin'){
return $next($request);
}
return abort(404);
}
}
Related
I've been stuck here for a while. I hope I can clearly explain the issue. I'm trying to have separate pages for admin and user. For that, I have created an admin middleware. Now when I login, it redirects me to the same page either its admin or user. I want it to go to admin dashboard when admin logs in and to the user home when user logs in. I hope the issue is clear.
Here is the AdminMiddleware code:
public function handle($request, Closure $next)
{
if(Auth::user()->user_type == 'admin') //If usertype is admin
{
return $next($request);
}
else {
return redirect('home');
}
}
Here are the routes code:
Route::get('/','HomeController#index');
//For Admin
Route::group(['middleware' => ['auth','admin']], function() {
Route::get('/admin','HomeController#home_page');
Route::get('/users-list', 'UserController#users_list');
});
Here is the HomeController code:
public function index()
{
return view('home', compact('currantWorkspace'));
}
I've added the Middleware path to kernel.php file.
I'll be happy to provide any other details if needed. Any solutions/suggestions will be highly appreciated.
Edit
I've tried this, but still issue.
protected function redirectTo(){
if (Auth::user()->user_type != 'admin') {
return 'admin';
//return redirect('/admin');
}
else {
return 'home';
//return redirect('/');
}
}
I think the redirectTo function is not working, or not checking the if/else conditions
Why don't you create an 'if, else' statement in your login function like:
if(Auth::user()->user_type == "Admin"){
return Redirect::route('dashboard');
}else if(Auth::user()->user_type == "Standard User"){
return Redirect::route('home');
}
Change the route as follows.
Route::get('/','HomeController#index')->name('home');
Route::group(['middleware' => ['auth','admin']], function()
{
Route::get('/admin','HomeController#home_page')->name('admin.home');
Route::get('/users-list', 'UserController#users_list');
});
Change the redirect statement in middleware as
public function handle($request, Closure $next)
{
if(Auth::user()->user_type == 'admin') //If usertype is admin
{
return $next($request);
}
else
{
return redirect()->route('home');
OR
return redirect('/');
}
}
There are a few problems, currently, the key thing is that the middleware you defined is not being called when anyone tries to log in.
To make it work I think you just need to add this to your LoginController.php
protected function authenticated()
{
if (Auth::user()->user_type == 'admin') {
return redirect('dashboard');
}
return redirect('home');
}
This method basically tells laravel what you want to do after the user is logged in.
I'm trying to implement a middleware in Laravel 5.8 which checks if a value is true for a model Customer. I want the app routes to redirect to a route ('login'), for the api routes I want to give a 401 response. I think I'm overseeing something.
This is my Middleware which works for the app routes, but I can't get the middleware to handle the unauthorized requests ($user['dropshipping'] === false) correctly..
public function handle($request, Closure $next)
{
$user = Auth::user();
if($user instanceof Customer) {
if ($user->guard(['web'])['dropshipping']) {
return $next($request);
} elseif($user->guard(['customer-api'])['dropshipping']) {
return $next($request);
} else {
return redirect(route('login'))->with('error', 'Account not activated, please contact TWM BV.');
}
} else {
return $next($request);
}
}
Guards are associated to Auth not to users.
So you can use Auth::guard('guard-name') or auth()->guard('guard')
public function handle($request, Closure $next)
{
$user = Auth::user();
if($user instanceof Customer) {
if (auth()->guard('web')->user()->dropshipping) {
return $next($request);
} elseif(auth()->guard('customer-api')->user()->dropshipping) {
return $next($request);
} else {
return redirect(route('login'))->with('error', 'Account not activated, please contact TWM BV.');
}
} else {
return $next($request);
}
}
I am using laravel quickadmin to create an admin section
https://github.com/LaravelDaily/quickadmin
It allows to create roles and users based on roles. How can i redirect users of a specific role into website and not admin.
Many thanks
change the following in the middleware
public function handle($request, Closure $next)
{
if ($request->user() != null && $request->user()->permissionCan($request)) {
return $next($request);
}
abort(403);
return false;
}
to (alter "specific role" and "your route" as you wish)
public function handle($request, Closure $next)
{
if ($request->user() != null && $request->user()->permissionCan($request)) {
$response = $next($request);
if( $request->user()->role() == 'specific role'){
redirect()->route('your route');
}
return $response;
}
abort(403);
return false;
}
I have two login forms with two different tables.One is default with /login route and the other has route /myportal. I have extra logincontroller
protected $redirectTo = '/student-home';
public function showLoginForm()
{
return view('my_portal');
}
public function logout(Request $request)
{
$this->guard()->logout();
$request->session()->flush();
$request->session()->regenerate();
return redirect('/my_portal');
}
protected function guard()
{
return Auth::guard('web_student');
}
public function username ()
{
return 'username';
}
This login is working fine. But, I am having problem with RedirectIfAuthenticated
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/home');
}
else if(Auth::guard('web_student')->check())
{
return redirect('student-home');
}
return $next($request);
}
Now, if the user is already logged in, it is redirected to /student-home only if the route is /login and not /my-portal. i.e only if i click on regular form not this extra form I created. How can I redirect to student-home if user clicked on /my-portal?
You can connect a controller to the my-portal route with :
Route::get('test', 'exampleController#example') ;
Then in the controller function, you can check if the user is already logged in by
public function example() {
if(Auth::check()) {
//This condition will run if the user is logged in !
return redirect('student-home');
}
//Do whatever you want if user is not logged in!
}
Hopefully, this answers your question!
Please change your RedirectIfAuthenticated middleware like this
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
if(guard == 'web_student') {
return redirect('student-home');
}else return redirect('/home');
}
return $next($request);
}
The problem with your code is that the following segment will always true if a user is logged in. You have to check for whether or not a specific guard is set, inside this if statement if you want to redirect them accordingly.
if (Auth::guard($guard)->check()) {
return redirect('/home');
}
I created a middleware to check if a user is admin or editor, but for some reason in my if statement when i use the OR operator to check if the user has access, it doesnt work, it accepts the first property statement, but not after the OR operator.
To work i need to separate each condition of account type.
For example:
Code dont work:
public function handle($request, Closure $next)
{
if(Auth::user()->account_type_id == '1' || Auth::user()->account_type_id == '2') // is an admin
{
return $next($request); // pass the admin
}
return redirect('/admin'); // not admin. redirect whereever you like
}
Code that Works:
public function handle($request, Closure $next)
{
// dd($request->all());
if(Auth::user()->account_type_id == '1') // is an admin
{
return $next($request); // pass the admin
}
if(Auth::user()->account_type_id == '2') // is an admin
{
return $next($request); // pass the admin
}
return redirect('/admin'); // not admin. redirect whereever you like
}
Does anybody no whats wrong?
I would create an array and check the condition again the array of possible solutions.
public function handle($request, Closure $next)
{
$accountTypes = array('1','2');
if (in_array(Auth::user()->account_type_id, $accountTypes)) {
return $next($request); // pass the admin
}
return redirect('/admin'); // not admin
}
Try using the in_array function, this will also make your code more readable and easy to maintain.
public function handle($request, Closure $next)
{
if (in_array(Auth::user()->account_type_id, ['1', '2'])) // is an admin
{
return $next($request); // pass the admin
}
return redirect('/admin'); // not admin. redirect whereever you like
}
I don't know why the second one work but here is mine and it works fine give it a try
public function handle($request, Closure $next)
{
$user = $request->user();
if ($user->role == 1 || $user->role == 2) {
return $next($request);
}
else{
return redirect(url('/admin'));
}
}