
Getting user current status in laravel middleware


I am using this package for maintenance, but I have an issue defining which users can access the site during downtime and which can't.

During the past few days I was searching and I read a lot that, because the main controller loads after middleware, it can't detect the user's status, whether they are logged in or not. (I have no idea about that, I just saw it repeatedly.)

Anyway here is the issue:

I want to allow users with the role of Admin to access the site during downtime, and visitors and other groups of users not to.

What I did so far

Based on the package documentation, I've made a custom file in App\Exemptions\AdminExemption.php with this data:

<?php

namespace App\Exemptions;

use Auth;
use Config;
use App\User;
use MisterPhilip\MaintenanceMode\Exemptions\MaintenanceModeExemption;

class AdminExemption extends MaintenanceModeExemption
{
    public function isExempt()
    {
        // if user is logged and it's admin show the site
        // if user is logged and isn't admin hide the site
        // if user isn't logged (is visitor) hide the site
        if (Auth::check() && Auth::user()->role == 'Admin') {
            return true;
        } else {
            return false;
        }
    }
}

I registered this file in the package config file config\maintenancemode.php

'exemptions' => [
        App\Exemptions\AdminExemption::class,
],

and replaced package class with Laravel default in Kernel

protected $middleware = [
        // \App\Http\Middleware\CheckForMaintenanceMode::class,
        \MisterPhilip\MaintenanceMode\Http\Middleware\CheckForMaintenanceMode::class,
        // others...
];

Issue

Auth::check(), auth()->user() or Auth::user(): none of these can detect the logged-in user, and they assume the user is not logged in (is a visitor). So the website is shut for everyone, even admins.

Question

How can I get the real status of my current user in AdminExemption.php file?

Status

  1. Is user (is admin) show the site
  2. Is user (isn't admin) don't show the site
  3. Is not user (visitor) don't show the site

Any idea?


Solution

  • You've registered the middleware in the main middleware stack, which will occur before it gets to the middleware groups. You'll likely want to move the middleware lower down in the Kernel into the web middleware stack. This is because Laravel will only be aware of a logged in user if there is a session - and the session is only started in the web stack.

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];
    

    You'll need to place the middleware after the StartSession middleware - but you're probably best just to pop it on to the end there, and then the logged in status should be available in your middleware.
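
The change described in the answer, written out as an added example (not code from the original post or from the package): the package middleware is removed from the global stack and appended to the end of the `web` group. The surrounding `App\Http\Kernel` class is assumed to be the stock Laravel skeleton; only the entries shown on this page are reproduced.

```php
<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    // Global stack: runs on every request before any session is started,
    // so the session guard cannot resolve a user here.
    protected $middleware = [
        // Before (from the question): the exemption ran here and never saw a user.
        // \MisterPhilip\MaintenanceMode\Http\Middleware\CheckForMaintenanceMode::class,
        // ...other global middleware unchanged...
    ];

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,

            // After: runs once StartSession has loaded the session, so
            // AdminExemption::isExempt() can see the logged-in user and role.
            \MisterPhilip\MaintenanceMode\Http\Middleware\CheckForMaintenanceMode::class,
        ],
    ];
}
```

With the check in the `web` group, only routes that use that group are held back during maintenance. Routes in other groups, such as `api`, are no longer covered and need the middleware added to their own group if they should be blocked too.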