I have a Laravel application using the built-in basic Laravel auth, but in addition to being able to authenticate users, I also need to be able to do things like check permissions and authorize them for given controller actions as well as do things like check the subdomain of the site the user is on and allow them access or not accordingly.
For authorization, I came across Spatie and was able to set that up and get it working. It seems to be fine. However, I'm not sure of the best way to integrate it into my controllers.
If possible, I'd like to check Spatie permissions in controller constructors and block access accordingly, as opposed to checking the authorization in every controller action. Is there a good way to do this in Laravel? How can I either point the user to an unauthorized-access view or redirect them to the login screen, etc. from a controller constructor?
Similarly, if a user tries to perform an action that isn't valid for a given subdomain, how can I block them / redirect them from the constructor? Thank you.
Middleware is the way to go... You can use it in the constructor of your controller or in the route.