i want to make two authentication roles(admin and user). every thing work fine, but for example when i am logged as user and i try to access the admin dashboard i want want redirected to the user dashboard instead cause i must not have access to it as a user... the problem is when i try to access the admin dashboard as a user i get this error : Trying to get property 'headers' of non-object
this my two middlewares...
Admin middleware:
public function handle(Request $request, Closure $next)
{
if (Auth::check() && Auth::user()->role == 'admin'){
return $next($request);
}else{
redirect()->route('login');
}
}
User middleware:
public function handle(Request $request, Closure $next)
{
if (Auth::check() && Auth::user()->role == 'user'){
return $next($request);
}else{
redirect()->route('login');
}
}
and i did edit the RedirectIfAuthenticated middleware to this.
public function handle(Request $request, Closure $next, ...$guards)
{
$guards = empty($guards) ? [null] : $guards;
foreach ($guards as $guard) {
/*if (Auth::guard($guard)->check()) {
return redirect(RouteServiceProvider::HOME);
}*/
if (Auth::guard($guard)->check() && Auth::user()->role == 'user') {
return redirect()->route('user.dashboard');
}
elseif (Auth::guard($guard)->check() && Auth::user()->role == 'admin'){
return redirect()->route('admin.dashboard');
}
}
return $next($request);
}
In middleware, it is important to handle all cases and return the redirects accordingly :
return redirect()->route('login');
You should return the redirect
Admin middleware:
public function handle(Request $request, Closure $next)
{
if (Auth::check() && Auth::user()->role == 'admin'){
return $next($request);
}else{
return redirect()->route('login');
}
}
User middleware:
public function handle(Request $request, Closure $next)
{
if (Auth::check() && Auth::user()->role == 'user'){
return $next($request);
}else{
return redirect()->route('login');
}
}
Related
I am new on laravel. I am actually having a problem with my middleware. I already registered it on Kernel.php file.
public function handle($request, Closure $next){
$user = Auth::user();
if($user->hasAnyRole('school'))
{
return $next($request);
}
return redirect('login');
}
here is my User model
public function roles(){
return $this->belongsToMany('App\Role');
}
public function hasAnyRoles(){
return null !== $this->roles()->whereIn('name', $roles)->first();
}
public function hasAnyRole(){
return null !== $this->roles()->where('name', $role)->first();
}
Try flipping the logic and also checking if logged in.
Do a (Auth::check() :
public function handle($request, Closure $next){
if (Auth::check()) {
$user = Auth::user();
if($user->hasAnyRole('school'))
{
return $next($request);
}
} else {
return redirect('login');
}
}
Please i have two route::group, the first is for normal staff and the second is for hod and normal staff.
//staff
Route::group(['middleware' => 'App\Http\Middleware\lecturerMiddleware','as'=>'staff::'], function() {
Route::match(['post','get'],'application', ['as'=>'application','LeavessController#index'])->name('application');
});
//HOD and Provost
Route::group(['middleware' => 'App\Http\Middleware\hodProvostMiddleware'], function() {
Route::match(['post','get'],'application', 'LeavessController#index')->name('application');
Route::match(['post','get'],'applied', 'LeavesController#applied');
Route::match(['post','get'],'approval/{id}', 'LeavesController#approval');
});
If i access application route as Hod its working but when i try to access as a normal staff its nt working
//HodProvostMiddleware
public function handle($request, Closure $next) {
$user = $request->user();
if ($user && ($user->user_access_id == '3' or $user->user_access_id == '2')) {
return $next($request);
}else return new Response(view('unauthorized')->with('role', 'HOD'));
}
// staffMiddleware
public function handle($request, Closure $next) {
if ($request->user() && $request->user()->user_access_id == '1') {
return $next($request);
}else return new Response(view('unauthorized')->with('role', 'LECTURER'));
}
}
I am using softdelete for users when a user is deleted.
When logging in or authenticating, all users are authenticated. So, I made a middleware named:
isSoftdeletedorNot
public function handle($request, Closure $next)
{
if ($request->user()->deleted_at == null) :
return $next($request);
else:
Auth::logout();
Session::flush();
Session::regenerate();
return redirect()->route('login')->withErrors(['suspended' => 'Your account is deactivated']);
endif;
}
It executes well. The problem is the redirected route shows 404 error and when I manually hard refresh it, it works again.
Try this
public function handle($request, Closure $next)
{
if ($request->user()->deleted_at != null) {
Auth::logout();
Session::flush();
Session::regenerate();
return redirect()->route('login')->withErrors(['suspended' => 'Your account is deactivated']);
}else{
return $next($request);
}
}
I have middleware UKM I want if the Auth::id() in the table ukm, hen can access the next request. But not working, if Auth::id() no in the table user can access.
public function handle($request, Closure $next)
{
$query = DB::table('ukm')->where('id_user',Auth::id())->get();
foreach($query as $key){
$cek = $key->id_user;
}
if ($cek != NULL) {
return $next($request);
}
return redirect('/');
}
try this...
public function handle($request, Closure $next)
{
$query = DB::table('ukm')->where('id_user',Auth::id())->first();
if ($query != NULL) {
return $next($request);
}
return redirect('/');
}
how about this ....
public function handle($request, Closure $next)
{
$query = DB::table('ukm')->pluck('id_user')->toArray();
if(in_array( Auth::user()->id, $query )
{
return $next($request);
}
return redirect('/');
}
I have 2 Middlewares.
My StaffMiddleware
public function handle($request, Closure $next)
{
if( $request->user()->role->name != 'staff'){
return redirect()->route('store');
}
return $next($request);
}
My AdminMiddleware
public function handle($request, Closure $next)
{
if( $request->user()->role->name != 'admin'){
return redirect()->route('store');
}
return $next($request);
}
The Problem is my UnitController
public function __construct(UnitInterface $unit){
$this->middleware('staff');
$this->middleware('admin);
$this->unit = $unit;
}
It should work either the role is a staff or an admin. Do I need to create another Middleware to combine them both?
This completely depends on the way your Middleware is designed. As you can see from your code, it simple redirects if the role is not staff or not admin so there would be no way for you to have an OR logic.
However, you could use middleware parameters to avoid this.
$this->middleware('role:admin,staff');
This will use the role middleware and pass admin and staff as parameters.
Then you can use these parameters in your middleware:
public function handle($request, Closure $next, ...$params)
{
if(!in_array($request->user()->role->name, $params)){
return redirect()->route('store');
}
return $next($request);
}
This captures the additional parameters into an array $params in which you can check if the user's role matches one of the parameters.
**try this**
public function __construct(UnitInterface $unit){
$this->middleware(function ($request, $next) {
if($request->user()->role->name == 'staff' || $request->user()->role->name == 'admin')
{
return $next($request);
}
return redirect()->route('store')
});
}
No middleware