I am working on a project with multiple authentication that has admins, students and teachers as three levels of authentication. I have changed default authenticable user model to student and added two more authenticable models that have their own logins.
I have the CourseController as follows:
use App\Course;
use App\Invoice;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class CourseController extends Controller
{
    public function __construct()
    {
        $this->middleware('auth', ['only' => ['index']]);
        $this->middleware('auth:teacher', ['only' => ['index']]);
        $this->middleware('auth:admin', ['only' => ['index', 'create', 'store', 'edit', 'update', 'delete', 'search', 'destroy']]);
    }

    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $data = Course::get();
        if (Auth::user()->role == 'admin') {
            return view('admin.course.index', compact('data'));
        } elseif (Auth::user()->role == 'student') {
            return view('student.course.index', compact('data'));
        } elseif (Auth::user()->role == 'teacher') {
            return view('teacher.course.index', compact('data'));
        }
    }
}
config/auth.php as follows (default guard is student):

'defaults' => [
    'guard' => 'web',
    'passwords' => 'students',
],
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'students',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'students',
    ],
    'admin' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],
    'admin-api' => [
        'driver' => 'token',
        'provider' => 'admins',
    ],
    'teacher' => [
        'driver' => 'session',
        'provider' => 'teachers',
    ],
    'teacher-api' => [
        'driver' => 'token',
        'provider' => 'teachers',
    ],
],
My problem:
I want CourseController@index to be accessible for all three guards and pass the $data to their respective view. How would I modify the CourseController so that I can achieve this? Please help.
If you have any other ideas, you can suggest those too...
Thanks for the awesome submission! I ran into this problem myself a little while back and realized that doing things in just middleware was not the way to go.
I found that using Gates and Policies were the best route to take. So basically what this means is, each User has a Role, that Role has a Permission, and you are able to use the Blade @can directive to restrict access to certain parts of your site.
You can also use the middleware('can:accessCourse') method chaining in your web.php routes file (HTTP Routes Definition File) to make sure that the route is 'locked down' so to say. If you're using the Route::resource definition, then you can add the line $this->authorize('course.index'); to your index public function.
Using the constructor on your controller is great, but you should only use one middleware for that, i.e. $this->middleware('auth:admin');
Then once that person has 'admin' access, you can check to see if they have the Role and subsequent Permissions to do whatever it is you want.
Here's a short diagram I drew up showing what's going on in the background and to summarize all the stuff I just said.
https://drive.google.com/file/d/1uAcL7awPdxVai590WNuJFvDM_wIpsuYo/view?usp=sharing
Also BitFumes on YouTube has a tutorial series on how to create Admin Roles, Permissions, Defining Gates, Adding Policies, and using 'can' middleware on your Routes! That's where I learned from myself! Now, he might be a little hard to understand as English isn't his first language, but he knows his stuff!
This link starts halfway through a playlist about making a Blog, and starts with making administrator roles! :P
https://www.youtube.com/watch?v=aY7X5v37Ebk&index=25&list=PLe30vg_FG4OTELVqQgHaMaq2oELjpSWy_
Hope that this answer has helped you and guided you towards finding a solution to your problem!
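
An added example, not code from the question or the answer above: the controller with one `auth` middleware entry that lists all three guards for `index`, combined with the Gate check the answer recommends. It relies on Laravel's `auth` middleware accepting a comma-separated guard list; the guard names are the ones in the question's config/auth.php, and the `accessCourse` Gate and the `role` column on all three models are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes the guards from the question's
// config/auth.php and a `role` column on the student, teacher and admin models.

namespace App\Http\Controllers;

use App\Course;
use Illuminate\Support\Facades\Auth;

class CourseController extends Controller
{
    // Guard name => view, checked in the same order the middleware tries them.
    private $indexViews = [
        'admin'   => 'admin.course.index',
        'teacher' => 'teacher.course.index',
        'web'     => 'student.course.index',
    ];

    public function __construct()
    {
        // One entry listing several guards passes if ANY of them is logged in.
        // Three separate entries (as in the question) require ALL of them.
        $this->middleware('auth:admin,teacher,web')->only('index');

        // Every other action stays admin-only.
        $this->middleware('auth:admin')->except('index');
    }

    public function index()
    {
        // Hypothetical Gate, defined in AuthServiceProvider::boot(), e.g.:
        // Gate::define('accessCourse', function ($user) {
        //     return in_array($user->role, ['admin', 'teacher', 'student'], true);
        // });
        $this->authorize('accessCourse');

        // Choose the view from the guard that authenticated the request.
        foreach ($this->indexViews as $guard => $view) {
            if (Auth::guard($guard)->check()) {
                return view($view, ['data' => Course::get()]);
            }
        }

        abort(403); // fail closed rather than return an empty response
    }
}
```

The middleware makes the first guard that passes the default for the request, so `Auth::user()` and the Gate callback see the same user the view lookup selects.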