I created a middleware to prevent a user from inserting or updating anything. I am on Laravel 5.6.

    <?php

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Support\Facades\Auth;

    class LimitDemoUser
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            $userId = Auth::id();

            if (request()->method() != "GET" && request()->method() != "HEAD" && $userId == 6) {
                abort(403);
            }

            return $next($request);
        }
    }

I registered it in the kernel like this (LimitDemoUser):

    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        \App\Http\Middleware\TrustProxies::class,
        \App\Http\Middleware\LimitDemoUser::class,
    ];

But when I dd(Auth::id()); I get null rather than the logged-in user's id.

What am I missing here?

I suppose I don't have to add anything to routeMiddleware:

    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    ];

My LoginController is below. Maybe it will help.

    <?php

    namespace App\Http\Controllers\Auth;

    use App\Http\Controllers\Controller;
    use Illuminate\Foundation\Auth\AuthenticatesUsers;

    class LoginController extends Controller
    {
        /*
        |--------------------------------------------------------------------------
        | Login Controller
        |--------------------------------------------------------------------------
        |
        | This controller handles authenticating users for the application and
        | redirecting them to your home screen. The controller uses a trait
        | to conveniently provide its functionality to your applications.
        |
        */
        use AuthenticatesUsers;

        /**
         * Where to redirect users after login.
         *
         * @var string
         */
        protected $redirectTo = '/login';

        /**
         * Create a new controller instance.
         *
         * @return void
         */
        public function __construct()
        {
            $this->middleware('guest')->except('logout');
        }

        public function logout()
        {
            $this->guard()->logout();

            return redirect()->route('login');
        }
    }

I found the solution in this page. https://laracasts.com/discuss/channels/laravel/current-user-in-middleware
OP stated:

I have added the following code in the global middleware and now it is working

    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Session\Middleware\StartSession::class,

It is dirty but it worked. I don't think that this is the best practice but it solved the problem. Since we found the problem, from here can someone suggest a decent solution?
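
A cleaner alternative to the workaround above, as an added example that is not part of the original post: take LimitDemoUser out of the global stack and append it to the `web` group, which in a stock Laravel 5.6 `app/Http/Kernel.php` already decrypts cookies and starts the session. The group contents shown are the framework defaults and are assumed to be unmodified in this project.

```php
<?php
// Added example: app/Http/Kernel.php (Laravel 5.6), trimmed to the two
// properties that matter here. Other groups and $routeMiddleware stay as is.

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    // Global stack: runs on every request BEFORE cookies are decrypted and
    // the session is started, so the session guard has no user yet and
    // Auth::id() returns null. LimitDemoUser does not belong here, and
    // EncryptCookies / StartSession should not be duplicated here either.
    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        \App\Http\Middleware\TrustProxies::class,
    ];

    protected $middlewareGroups = [
        // Applied to routes/web.php. Order matters: the write restriction
        // must come after StartSession so the logged-in user is resolvable.
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,

            // Session is available here, so Auth::id() returns the user id
            // and the 403 for non-GET/HEAD requests is actually enforced.
            \App\Http\Middleware\LimitDemoUser::class,
        ],
    ];
}
```

Routes served through the `api` group do not pass through this middleware, so any write endpoints exposed there need the same restriction applied separately.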