
Middleware for user roles in Laravel


I am creating an Admin Panel and I have a problem with access. I am using a One-to-Many relation and I have the table user with role_id=3.

This middleware works correctly but I need to protect the routes correctly.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class Administrador
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        // Only checks that someone is logged in; the role is never inspected.
        if (Auth::guard($guard)->guest()) {
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            } else {
                return redirect()->guest('/administrador');
            }
        }

        return $next($request);
    }
}

The routes are correctly set, but I don't know how to send the user's role in this Middleware.


Solution

  • ...

    EDIT

    If you want to combine both checks in one Administrador middleware, it would be:

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Support\Facades\Auth;

    class Administrador
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @param  string|null  $roles  role ids separated by "|", e.g. "1|2"
         * @param  string|null  $guard
         * @return mixed
         */
        public function handle($request, Closure $next, $roles = null, $guard = null)
        {
            if (Auth::guard($guard)->guest()) {
                if ($request->ajax()) {
                    return response('Unauthorized.', 401);
                } else {
                    return redirect()->guest('/administrador');
                }
            }

            // Cast to string so a missing parameter becomes an empty list (denies everyone).
            $roles = explode('|', (string) $roles);

            // Logged in, but the user's role is not in the allowed list.
            if (! in_array(Auth::guard($guard)->user()->role_id, $roles)) {
                return response('Unauthorized.', 401);
            }

            return $next($request);
        }
    }
    

    Example usage on route:

    Route::group(['middleware' => 'administrador:1|2'], function () {});
    

    In administrador:1|2, replace the value with your role ids separated by |. If you want to use another guard, you can pass it as the second parameter, for example: administrador:1|2,custom_guard. This way you can define multiple roles that are able to access your admin screen.

    If you would rather use one fixed role:

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Support\Facades\Auth;

    class Administrador
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @param  string|null  $guard
         * @return mixed
         */
        public function handle($request, Closure $next, $guard = null)
        {
            if (Auth::guard($guard)->guest()) {
                if ($request->ajax()) {
                    return response('Unauthorized.', 401);
                } else {
                    return redirect()->guest('/administrador');
                }
            }

            // Cast before the strict comparison: some PDO drivers return role_id
            // as a string, and "3" !== 3 would lock every admin out.
            if ((int) Auth::guard($guard)->user()->role_id !== 3) {
                return response('Unauthorized.', 401);
            }

            return $next($request);
        }
    }
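As an added example, not code from the question or the answer above, here is a version of the role middleware that separates the two failure cases a defender cares about: an anonymous request gets 401 (or a redirect), while a logged-in user whose role is not on the list gets 403, so access-denied events for real accounts can be told apart from missing logins. It also parses the role list defensively (only integer ids, strictly compared) and denies by default when a route is tagged with no role ids. The class name RequireRole, the Kernel alias, and the assumption that users.role_id is an integer column are mine; $request->expectsJson() assumes Laravel 5.3 or newer.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

// Hypothetical middleware: route parameter is "roleIds[,guard]", e.g. "1|2" or "1|2,custom_guard".
class RequireRole
{
    public function handle(Request $request, Closure $next, $roles = '', $guard = null)
    {
        $auth = Auth::guard($guard);

        // Case 1: nobody is logged in. 401 for API clients, login redirect for browsers.
        if ($auth->guest()) {
            return $request->expectsJson()
                ? response('Unauthorized.', 401)
                : redirect()->guest('/administrador');
        }

        $allowed = self::parseRoles($roles);

        // Case 2: authenticated but not permitted. Deny by default when the route
        // lists no role ids, so a typo in the route definition fails closed.
        if ($allowed === [] || ! in_array((int) $auth->user()->role_id, $allowed, true)) {
            abort(403, 'Forbidden.');
        }

        return $next($request);
    }

    /**
     * Turn a route parameter such as "1|2|abc| 3|" into [1, 2, 3]:
     * whitespace trimmed, non-numeric entries dropped, ids cast to int and de-duplicated.
     */
    public static function parseRoles($roles)
    {
        $ids = [];
        foreach (explode('|', (string) $roles) as $part) {
            $part = trim($part);
            if ($part !== '' && ctype_digit($part)) {
                $ids[] = (int) $part;
            }
        }

        return array_values(array_unique($ids));
    }
}
```

To wire it up, register the alias in app/Http/Kernel.php under $routeMiddleware, for example 'administrador' => \App\Http\Middleware\RequireRole::class, and then tag the routes exactly as in the answer: Route::group(['middleware' => 'administrador:1|2'], function () { /* admin routes */ });. The strict in_array() plus the (int) cast avoids the driver-dependent string-versus-integer mismatch, and returning 403 rather than 401 for a logged-in user keeps the application's unauthenticated and unauthorized events distinguishable in the access logs.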