I have a question about filtering a controller and its actions for multiple user roles. Let's say I have a controller named MyController:
    public class MyController extends \BaseController
    {
        public static function index()
        {
        }

        public static function show()
        {
        }

        public static function create()
        {
        }

        public static function store()
        {
        }

        public static function other()
        {
        }
    }
And I have 2 filters for each role, named admin and staff:
    Route::filter('admin', function()
    {
        // Lines of code to get role
        if ($role != 'admin') return View::make('errors.401');
    });

    Route::filter('staff', function()
    {
        // Lines of code to get role
        if ($role != 'staff') return View::make('errors.401');
    });
Then, I'm trying to use beforeFilter in the constructor of MyController:
    public function __construct()
    {
        $this->beforeFilter('admin', ['only' => ['index', 'show', 'create', 'store']]);
        $this->beforeFilter('staff', ['only' => ['index', 'show']]);
    }
When I added the first beforeFilter, it worked as I expected (when I logged in to my application as staff, I could not access the index, show, create, and store methods). But when I added the second filter and logged in as staff again, I could not access the index and show actions, which I expected to be accessible by staff.
My questions are, is it possible to define filters for multiple roles in the constructor of a controller? (In this case, I want to make action index and show accessible by admin and staff, but create and store only accessible by admin) And if it is possible, how could I achieve that?
Thanks.
I assume Admin can access all features, and staff can access everything except "show".
This is the controller
    class MyController extends \BaseController
    {
        public function __construct()
        {
            $this->beforeFilter('admin', ['only' => ['show']]);
        }

        public function index()
        {
            echo "index";
        }

        public function show()
        {
            echo "show";
        }
    }
In your last post, you are using public class; I believe in PHP you just need class, and for the functions it is better not to use static.
Here is the filters.php
    Route::filter('admin', function()
    {
        // Lines of code to get role
        if ($role != 'admin') return "This is only for admin";
    });
In the routes.php
    Route::get("/my", "MyController@index");
    Route::get("/show", "MyController@show");
Then try to log in as admin: you will be able to access "index" and "show". Then try to log in as staff: you will be able to access "index" but not "show".
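
The behaviour described in the question, as an added example that is not code from either post: a plain-PHP model (not Laravel's API) of a before-filter chain, showing why stacking the single-role `admin` and `staff` filters on `index` locks out both roles, and how one filter that receives the allowed roles avoids that. The names `runBefore` and `allowRoles` and the per-action chains are hypothetical.

```php
<?php
// Model of a before-filter chain: every filter attached to an action runs,
// and the first one that returns a non-null response blocks the request.
function runBefore(array $filters, $role)
{
    foreach ($filters as $filter) {
        $response = $filter($role);
        if ($response !== null) {
            return $response;
        }
    }
    return null; // no filter objected, so the action runs
}

// The two single-role filters from the question ('401' stands in for the view).
$admin = function ($role) { return $role != 'admin' ? '401' : null; };
$staff = function ($role) { return $role != 'staff' ? '401' : null; };

// Hypothetical replacement: one filter that is given the list of allowed roles.
function allowRoles(array $allowed)
{
    return function ($role) use ($allowed) {
        return in_array($role, $allowed, true) ? null : '401';
    };
}

// Constructed per-action chains mirroring the two setups.
$stacked = [
    'index'  => [$admin, $staff],   // both must pass: no single role can
    'create' => [$admin],
];
$single = [
    'index'  => [allowRoles(['admin', 'staff'])],
    'create' => [allowRoles(['admin'])],
];

foreach (['stacked' => $stacked, 'single' => $single] as $name => $chains) {
    foreach ($chains as $action => $filters) {
        foreach (['admin', 'staff'] as $role) {
            $result = runBefore($filters, $role) === null ? 'allowed' : 'denied';
            echo "$name $action as $role: $result\n";
        }
    }
}
```

Laravel 4 route filters accept parameters after a colon (the documentation's example is `age:200`), so a single filter under an assumed name such as `role` could be handed the allowed roles instead of defining one filter per role.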