
Multiple uses of Laravel's can middleware


I have a problem with the Laravel can middleware. I cannot make use of it on two different roles.

Here is a small overview of my code:

Route::group(['prefix' => '', 'middleware' => 'can:super_admin'], function () {

    Route::group(['prefix' => 'dashboard'], function () {
        Route::get('dashboard', 'SuperAdminController@getDashboardData');
    });
    // ....

});

Route::group(['prefix' => '', 'middleware' => 'can:admin'], function () {

    Route::group(['prefix' => 'dashboard'], function () {
        Route::get('dashboard1', 'AdminController@getDashboardData');
    });
    // ...

});

Can anyone help me use both routes with the Laravel middleware API?


Solution

  • The API (routes) automatically disables the session to guarantee a session-less experience. Any middleware that uses the session, such as verifying if a user is an admin or not, will automatically not work because there's no session to check for the user.

    You have two solutions here. You can either enable the session middleware for your API routes or you can authorize your users without using the session.
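The second option in the answer above (authorizing without the session), sketched as an added example that is not part of the original question or answer. It assumes an `api` guard with a stateless driver (token, Passport or similar) is configured in `config/auth.php`, and that the `super_admin` and `admin` abilities from the question are already defined as gates.

```php
<?php
// routes/api.php (added example, not the asker's code)
//
// Assumptions: the `api` guard in config/auth.php uses a stateless driver,
// and the `super_admin` / `admin` abilities are registered with Gate::define().

use Illuminate\Support\Facades\Route;

// `auth:api` runs first and resolves the user from the request credentials
// instead of the session, so `can:` has a user to evaluate the ability against.
// A request with no valid credentials is rejected by `auth:api`;
// an authenticated user who lacks the ability is rejected by `can:`.
Route::group(['prefix' => '', 'middleware' => ['auth:api', 'can:super_admin']], function () {

    Route::group(['prefix' => 'dashboard'], function () {
        Route::get('dashboard', 'SuperAdminController@getDashboardData');
    });

});

Route::group(['prefix' => '', 'middleware' => ['auth:api', 'can:admin']], function () {

    Route::group(['prefix' => 'dashboard'], function () {
        Route::get('dashboard1', 'AdminController@getDashboardData');
    });

});
```

The order of the middleware array matters: listing `can:` before `auth:api` would evaluate the ability before any user has been resolved.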