Search code examples
phplaraveleloquentmiddlewarelaravel-5.6

Laravel 5.6 custom middleware breaking Model Binding

This is my routes/api.php

Route::group([
    'middleware' => 'jwt.auth',
], function ($router) {

    //Route group with my custom middleware
    Route::group([
        'middleware' => CheckPermission::class
    ], function ($router) {

        Route::group([
            'prefix' => 'permissions'
        ], function($router) {

            Route::resources([
                'users' => 'UserPermissionController'
            ]);
        });

    });

});

And this is my controller method that i'm trying to use:

public function update(Request $request, User $user)
{
    dd($user);
}

EDIT: My CheckPermission middleware:

namespace App\Http\Middleware;

use Closure;

use Illuminate\Support\Facades\Auth;

use Illuminate\Routing\Router;

use App\MethodModuleUser;

class CheckPermission
{

    protected $router;

    public function __construct(Router $router)
    {
        $this->router = $router;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        $method = $request->method();
        $path = $this->router->getRoutes()->match($request)->uri;
        $path = str_replace('api/', '', $path);

        $permissions = MethodModuleUser::with([
            'user',
            'module',
            'method'
        ])->whereHas('user', function($query) {
            $query->where('id', Auth::id());
        })->whereHas('module', function($query) use ($path) {
            $query->where('url', $path);
        })->whereHas('method', function($query) use ($method) {
            $query->where('name', strtoupper($method));
        })->count();

        if($permissions <= 0) {
            return response()->json([
                'message' => 'No tiene los privilegios para realizar esta acción'
            ], 403);
        }

        return $next($request);
    }
}

When i use my custom middleware, the model binding doesn't work and $user is just an empty model, but when i comment the 'middleware' => CheckPermission::class line, the Model Binding works well.

What i'm doing wrong?

Solution

  • Okay, i don't know if this is a good practice, but i fixed it. I'll post my solution if anyone have this problem too:

    In the CheckPermission middleware, i replaced the return $next($request) by calling the SubstituteBindings middleware like this:

    return app(\Illuminate\Routing\Middleware\SubstituteBindings::class)
    ->handle($request, function($request) use ($next) {
        return $next($request);
    });

    EDIT:

    Another way to fix the issue was using $request->route()->uri in the CheckPermission middleware instead finding it with the Router as Ross Wilson said in the comment. Now the __construct(Router $router) and calling the SubstituteBindings middleware are no longer required.