3

I'm trying to restrict the access of routes to only some types of users in my site that I'm writing with Laravel 5.7, right now I'm trying to do it with middlewares.

For each user's level I have a middleware with this code(with a variation on the type):

public function handle($request, Closure $next)
{
    if(Auth::user()->type==3)
        return $next($request);
    else
        return redirect()->route('dashboard');
}

And in the kernel.php file, I have them written like this:

protected $routeMiddleware = [
    ...
    'teacher' => \App\Http\Middleware\RedirectIfTeacher::class,
    ...
]

In my application each user has a level, which starts from 1 to 5, but each level has individual views and some shared views, but I can't manage to redirect views for more than just one type of user because I can't make them work when I use more than one middlewares on a route (or routes) that are shared with more than two types of users.

When I try it justs ignores the second or more middlewares and redirects to the route dashboard which is the route for redirecting if the type of user can't enter the desired view.

Right now I've tried with this code:

Route::group(['middleware' => ['administrator','teacher','student']], function(){

And with this code:

Route::group(['middleware' => ['administrator' OR 'teacher' OR 'student']], function(){

Also I tried with this style:

Route::group(['middleware' => ['administrator|teacher|student']], function(){

Without getting any luck, is there anything what am I doing wrong? or is there a better way to do what I'm trying to achieve, thanks in advance!.

Udhav Sarvaiya
  • 9,380
  • 13
  • 53
  • 64
Erick Elizondo
  • 188
  • 3
  • 13
  • Typically this would be achieved using [authorisation](https://laravel.com/docs/10.x/authorization) and policies based on content. – apokryfos Jul 14 '23 at 14:43

3 Answers3

1

I'm using below code and it worked:

Route::group(['middleware' => ['administrator','teacher','student']], function() {});

1 In the kernel.php file, have you got all of the keys assigned with your middlewares ? For example:

protected $routeMiddleware = [
...
'administrator' => \App\Http\Middleware\RedirectIfAdmin::class,
'teacher' => \App\Http\Middleware\RedirectIfTeacher::class,
'student' => \App\Http\Middleware\RedirectIfStudent::class,
...
]

2 Try to check the user vars before the if in your handle().

dd(Auth::user()->type);
Ming Zhang
  • 11
  • 2
0

You need to pass an array to it I guess

Route::group(['middleware' => ['administrator','teacher','student']], function() {});

If that doesn't work you have to split them I guess

Route::group(['middleware' => 'administrator'], function () {
    Route::group([ 'middleware' => 'teacher'], function() {
        Route::group([ 'middleware' => 'student'], function() {

     });
    });
});
Jayashree
  • 153
  • 1
  • 6
0

This solution is untested, but...

In Kernel.php, add the middleware group:

protected $middlewareGroups = [
    'web' => [ /* existing code */ ],
    'api' => [ /* more standard stuff */ ],
    'ast' => [
        \App\Http\Middleware\RedirectIfAdmin::class,
        \App\Http\Middleware\RedirectIfTeacher::class,
        \App\Http\Middleware\RedirectIfStudent::class,
    ],
];

Then in your route file:

Route::group(['middleware' => 'ast'], function() { /* etc. */ });

The docs are >> here <<.

cartbeforehorse
  • 3,045
  • 1
  • 34
  • 49