I have two different user roles (admin, sales-admin). I have created a middleware for each of them to see different views, and it works perfectly. On the other hand, I have some public routes that everyone can access.
How it's working now: when I log in as sales-admin, I can see my views + global routes as a logged-in sales user.
What I want is: when I log in as sales-admin, be able to see my views (www.mywebsite.com.salesadmin), which is working ✔️, + if sales-admin hits a public URL like (www.mywebsite.com), make them log out, then be able to see the public routes.
You can use a middleware.
App\Http\Middleware\BlockRoles.php
```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class BlockRoles
{
    public function handle(Request $request, Closure $next, ...$blockedRoles)
    {
        $user = $request->user();

        // TODO your custom logic to retrieve user role
        // ($user is null for guests, so $userRole is null and the request passes through)
        $userRole = $user?->getRole();

        // If role is in the block list
        if (in_array($userRole, $blockedRoles)) {
            // Logout
            Auth::logout();

            // Redirect to login page (the response must be returned to take effect)
            return redirect()->route('login');
        }

        return $next($request);
    }
}
```
App\Http\Kernel.php
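```php
<?php

namespace App\Http;

use App\Http\Middleware\BlockRoles;
use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    // ...

    protected $middlewareAliases = [
        // ... existing aliases ...
        'block' => BlockRoles::class,
    ];
}
```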
routes/web.php
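```php
use Illuminate\Support\Facades\Route;

// Every route in this group logs out a user whose role is sales-admin
Route::middleware(['block:sales-admin'])->group(function () {
    // TODO your global routes here...
});
```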
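
A feature test that checks the authentication state this middleware should leave behind for each kind of visitor. It is an added example, not part of the original answer. Assumptions: the public route `/` sits inside the `block:sales-admin` group and returns 200 to guests, `App\Models\User` has a factory, and `getRole()` returns a `role` column (all hypothetical names).

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class BlockRolesTest extends TestCase
{
    use RefreshDatabase;

    // Assumption: the role is stored in a `role` column read by getRole().
    private function userWithRole(string $role): User
    {
        return User::factory()->create(['role' => $role]);
    }

    public function test_sales_admin_is_logged_out_on_a_public_route(): void
    {
        $this->actingAs($this->userWithRole('sales-admin'))->get('/');

        // The blocked role must no longer be authenticated after the request.
        $this->assertGuest();
    }

    public function test_admin_keeps_the_session_on_a_public_route(): void
    {
        $admin = $this->userWithRole('admin');

        $this->actingAs($admin)->get('/');

        // Roles that are not in the block list are left untouched.
        $this->assertAuthenticatedAs($admin);
    }

    public function test_guest_passes_through_without_error(): void
    {
        // $request->user() is null here, so the null-safe call in the
        // middleware must not throw and the page must still render.
        $this->get('/')->assertOk();
        $this->assertGuest();
    }
}
```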