I'm working with Laravel 8 and I want to apply a middleware that checks whether the user has `is_staff` or `is_superuser` set to 1. If so, he can access the admin dashboard; otherwise he cannot access it.
So in order to do this, I created this:
```php
public function handle($request, Closure $next)
{
    if (Auth::check()) {
        if (auth()->user()->isSuperUser() || $request->user()->isStaffUser()) {
            return $next($request);
        } else {
            return redirect('/home');
        }
    } else {
        return redirect('/');
    }
}
```
Now the problem is that it returns `redirect('/');`, meaning that the middleware does not recognize that the user is already logged in, even though he is signed in.
I have registered the middleware like this:
```php
protected $routeMiddleware = [
    ...
    'auth.admin' => \App\Http\Middleware\AdminAuthenticated::class,
];
```
And I apply it to my admin routes (`RouteServiceProvider.php`):
```php
public function boot()
{
    $this->configureRateLimiting();
    $this->routes(function () {
        ...
        Route::middleware('auth.admin')
            ->namespace($this->namespace)
            ->prefix('admin')
            ->group(base_path('routes/web/admin.php'));
    });
}
```
And here are the `admin.php` routes:
```php
Route::get('/', function () {
    return view('admin.master');
});
```
So what's going wrong here? How can I solve this issue?
I think you also need to add the `web` middleware to the admin routes.
```php
public function boot()
{
    $this->configureRateLimiting();
    $this->routes(function () {
        ...
        Route::middleware(['web', 'auth.admin'])
            ->namespace($this->namespace)
            ->prefix('admin')
            ->group(base_path('routes/web/admin.php'));
    });
}
```
`Auth::check()` tries to get the currently logged-in user from the session. The `web` middleware group activates the session; it has a bunch of middleware applied:
```php
// app/Http/Kernel.php
'web' => [
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\View\Middleware\ShareErrorsFromSession::class,
    \App\Http\Middleware\VerifyCsrfToken::class,
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],
```
Without the `web` middleware, the session won't be available.
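
A regression check for the fix described in the answer, as an added example that is not part of the original question or answer: a feature test that walks every route under the `admin` prefix and fails if the `web` group is missing or listed after `auth.admin`. It assumes the default Laravel 8 `tests/TestCase.php`; the class name `AdminRouteMiddlewareTest` is hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes the default Laravel 8 test
// setup and the 'auth.admin' alias registered in the question.

namespace Tests\Feature;

use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class AdminRouteMiddlewareTest extends TestCase
{
    /** Every admin route must start the session before auth.admin runs. */
    public function test_admin_routes_run_web_before_auth_admin(): void
    {
        $checked = 0;

        foreach (Route::getRoutes() as $route) {
            $uri = $route->uri();

            // Only routes registered under the 'admin' prefix are in scope.
            if ($uri !== 'admin' && strpos($uri, 'admin/') !== 0) {
                continue;
            }

            // Middleware names in the order they were declared on the route.
            $middleware = $route->gatherMiddleware();
            $web = array_search('web', $middleware, true);
            $admin = array_search('auth.admin', $middleware, true);

            $this->assertNotFalse($admin, "{$uri}: auth.admin is missing");
            $this->assertNotFalse($web, "{$uri}: web group is missing, so there is no session");
            // assertLessThan($expected, $actual) passes when $actual < $expected.
            $this->assertLessThan($admin, $web, "{$uri}: web must come before auth.admin");
            $checked++;
        }

        // Guard against the test passing vacuously if the prefix changes.
        $this->assertGreaterThan(0, $checked, 'no admin routes were found');
    }
}
```

A test built on `actingAs()` would not catch the original problem, because it sets the user on the guard directly instead of loading it from the session.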