how to secure routes laravel-5.8

Question

hi I wants that only admin can access the filecontroller route, or user can't access by typing URL:

these are routes:

  Route::group(['middleware' => ['web','auth']], function(){
     Route::get('/', function () {
       return view('welcome');
     });

     Route::get('/home', function(){
   if (Auth::user()->admin == 0) {
    return view('home');
   } else {
    $users['users'] = \App\User::all();
    return view('layouts.master', $users);
   }
     });

     Route::resource('file','FileController');

  });

User can't access Route::resource('file','FileController'); if he knows URL

Ali Ghaini · Accepted Answer · 2019-06-09T07:55:23.347

4

use middleware

The following command creates new Middleware called Admin

php artisan make:middleware Admin

This creates a file called Admin.php within the app/Http/Middleware directory that looks like

<?php namespace App\Http\Middleware;

use Closure;

class Admin {

    public function handle($request, Closure $next)
    {

        if ( Auth::check() && Auth::user()->isAdmin() )
        {
            return $next($request);
        }

        return redirect('home');

    }

}

You then need to add the Admin Middleware to your app/Http/Kernel.php file

protected $routeMiddleware = [
    'auth' => 'App\Http\Middleware\Authenticate',
    'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
    'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
    'admin' => 'App\Http\Middleware\Admin', // this line right here
];

Add the Admin Middleware to a route.

 Route::resource('file','FileController')->middleware(Admin::class)

Finally you need to add the isAdmin method we created above to your User model to check whether or not the user is an Admin.

class User extends Model
{
    protected $casts = [
        'is_admin' => 'boolean',
    ];

    public function isAdmin()
    {
        return $this->is_admin;
    }
}

edited Jun 09 '19 at 07:55

answered Jun 09 '19 at 07:13

Ali Ghaini

882
6
13

in previous middleware m using this: if(auth()->check() && $request->user()->admin == 0){ return redirect()->guest('home'); } return $next($request); but now this line gives error: Class 'App\Http\Middleware\Auth' not found – pro Jun 09 '19 at 07:25
add `use Auth;` top of middlware – Ali Ghaini Jun 09 '19 at 07:27
Trying to get property 'admin' of non-object – pro Jun 09 '19 at 07:31
plz look at this paste.ofcode.org/ryKDKrs32PUwVq7L5nFLqt – pro Jun 09 '19 at 07:33
remember I created a new middleware for it. – pro Jun 09 '19 at 07:35
change your Condition – Ali Ghaini Jun 09 '19 at 07:41
Call to a member function send() on boolean – pro Jun 09 '19 at 07:45
Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/194657/discussion-between-programmer0001-and-spyker). – pro Jun 09 '19 at 08:06

MohammadReza Abbasi · Answer 2 · 2019-06-09T07:15:41.103

1

you can use laravel middleware

URL : https://laravel.com/docs/5.8/middleware or https://www.tutorialspoint.com/laravel/laravel_middleware.htm

and use to route

Route::group(['middleware' => 'isAdmin'], function(){
    Route::get('user', 'user\UserController@index');
});

edited Jun 09 '19 at 07:15

answered Jun 09 '19 at 07:07

MohammadReza Abbasi

490
2
13

1

m also using middleware but unable to use Route::resource('file','FileController'); in right way?? – pro Jun 09 '19 at 07:10
1

add middleware example Admin to middleware folder and Route::get('/', function () { return view('welcome'); })->middleware('admin'); – MohammadReza Abbasi Jun 09 '19 at 07:12
Route [file.index] not defined – pro Jun 09 '19 at 07:28
plz look at this paste.ofcode.org/ryKDKrs32PUwVq7L5nFLqt – pro Jun 09 '19 at 07:33
add middleware to app/http/Kernel.php => $routeMiddleware=[..., 'isAdmin'=> YOURMiddleware ] – MohammadReza Abbasi Jun 09 '19 at 07:41
type of Auth::user()->admin is string or int , not bool – MohammadReza Abbasi Jun 09 '19 at 07:53
use if(Auth::user()->admin=='1') – MohammadReza Abbasi Jun 09 '19 at 07:53

how to secure routes laravel-5.8

2 Answers2