Search code examples
phplaravelmiddleware

Multiple middleware not working on laravel

I have a route resource group that can only be accessible by one of 2 middleware rules. I have registered them both and they both work independently if I test them both out alone, but when I have them together they don't work

I have tried running them both as either an "or" statement (which means the middleware works as intended) but this means that anyone not logged in can also access the routes for some reason. If I use a comma to separate the middleware, it's blocked for everyone. I know both middleware works ok as they do work if I try them independently. I am using the below code

Route::group(['middleware' => ['IsAdmin' or 'IsPatreon']], function(){
Route::resource('patreon', 'patreonGalleryController', ['names'=>[

  'index'=>'patreonGallery.index',
  'create'=>'patreonGallery.create',
  'store'=>'patreonGallery.store',
  'edit'=>'patreonGallery.edit',
  'show'=>'patreonGallery.show',
  'destroy'=>'patreonGallery.destroy',
  ]]);
});

How can I set it so that only either admin or patreon uses can see the paths?

Solution

  • Two middlewares are working separately. IsAdmin is checking that user is admin IsPatreon is checking that user is patreon...

    You cannot merge these 2 middlewares by OR Operator

    Probably you need to create new middelware, something like IsAdminOrPatreon and do you checks inside of that middleware and assing that middleware to your Group..

    Or you can try with middleware parameters, for example 

    Route::group(['middleware' => ['checkRoles:admin,patreon']], function(){
  Route::resource('patreon', 'patreonGalleryController', ['names'=>[

    'index'=>'patreonGallery.index',
    'create'=>'patreonGallery.create',
    'store'=>'patreonGallery.store',
    'edit'=>'patreonGallery.edit',
    'show'=>'patreonGallery.show',
    'destroy'=>'patreonGallery.destroy',
  ]]);
});

    And in you checkRoles middleware get the admin and patreaon roles like this: 

    public function handle($request, Closure $next) {

    // will contain ['role1', 'role2']
    $allowedRoles = array_slice(func_get_args(), 2);

    // here you can loop and check your roles
}

    Note! If you pass 'checkRoles:admin,patreon' you will get 

    array(admin,patreon)

    If you pass 'checkRoles:admin' you will get 

    array(admin)