I created all the policies with command artisan, php artisan make:policy ModelPolicy --model=ModelName, created UserPolicy and ProfilePolicy, the first one works fine, but the second one (ProfilePolicy) is calling UserPolicy.
ProiflePolicy.php
<?php
namespace App\Policies;
use App\Models\Profile;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Auth\Access\Response;
class ProfilePolicy {
use HandlesAuthorization;
// I'm use this to know what policy is being called
protected $template = '[ProfilePolicy] you cannot %s this resource!';
/**
* Determine whether the user can view any models.
*
* #param \App\Models\User $user
* #return mixed
*/
public function viewAny(User $user) {
return in_array( $user->profile->slug, ['administrator'] )
? Response::allow()
: Response::deny( sprintf( $this->template, 'LIST') );
}
...
AuthServiceProvider.php
<?php
namespace App\Providers;
use App\Models\Profile;
use App\Policies\ProfilePolicy;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* #var array
*/
protected $policies = [
// \App\Models\User::class => \App\Policies\UserPolicy::class,
Profile::class => ProfilePolicy::class,
];
/**
* Register any authentication / authorization services.
*
* #return void
*/
public function boot()
{
$this->registerPolicies();
//
}
}
ProfileController.php
<?php
namespace App\Http\Controllers\v0;
use App\Models\Profile;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Str;
class ProfilerController extends Controller {
/**
* Display a listing of the resource.
*
* #return \Illuminate\Http\Response
*/
public function index( Request $request ) {
$query = Profile::query();
// UserPolicy is being called even commented
\Gate::authorize('viewAny', auth('staff')->user() );
query_page( $query, $request );
query_embed( new Profile, $query, $request );
$query->when( in_array(auth('staff')->user()->profile->slug, ['seller-manager']), function( $query ) {
return $query->whereSlug( 'seller' );
});
$data = $query->limit( $request->limit ?: config('app.limit_per_page') )->get();
return response()->json( responseFormat( false, $data ) );
}
....
API Response:
Related
I am creating a leave request application for employee in an organization where user can create a leave request and admin(s) can approve/reject the request. The user and admin(s) should receive mail each time after making a leave request and after approval too. I am using event listener to send the mail and could send the mail using separate events and listeners(4 events:
making leave request to admin,
making leave request to user,
after accepting/rejecting the request to admin and
accepting/rejecting the request to user
and likewise 4 listeners too)
but it would be better if I could reduce the number of events and listeners in this case since the user mail and email template only are different.
I studied about event subscribers which subscribe to multiple events from within the subscriber class itself which is not what I want.
Is it possible to send multiple emails to multiple user/admin using less number of events/listeners?
I am using laravel 8
Code:
controller is:
public function store(Request $request)
{
DB::beginTransaction();
try{
$request->validate(
[
'leave_type' => 'in:halfday,fullday',
'start_date' => 'required',
'end_date' => 'required',
'assignee' => 'required',
]
);
$datetime1 = new \DateTime($request->start_date);
$datetime2 = new \DateTime($request->end_date);
$interval = $datetime1->diff($datetime2);
$days = $interval->format('%a');//total requested days
$leave_request= new LeaveRequest();
$leave_request->requested_by = auth()->user()->id;
$leave_request->leave_type_id = $request->leave_type_id ;
$leave_request->leave_type = $request->leave_type;
$leave_request->start_date = $request->start_date;
$leave_request->end_date = $request->end_date;
$leave_request->total_days = $days+1;
$leave_request->assignee = $request->assignee;
$leave_request->reviewer = $request->reviewer;
if($leave_request->save()){
$user = User::where('id', auth()->user()->id)->first();
$assignee = User::where('id',$request->assignee)->first();
$assignee->locale = App::currentLocale();
$assignee->requested_by = $user->name;
event(new SendLeaveRequestToAdminEvent($assignee));//send mail to admin asignee
if($request->reviewer !=null){
$reviewer = User::where('id',$request->reviewer)->first();
$reviewer->locale = App::currentLocale();
$reviewer->requested_by = $user->name;
event(new SendLeaveRequestToAdminEvent($reviewer));//send mail to admin reviewer(optional)
}
$user->locale = App::currentLocale();
event(new SendLeaveRequestToUserEvent($user));//send mail to user
DB::commit();
return response()->json([
'message'=> 'Leave requested successfully',
'status_code' => 200,
]);
}
else{
DB::rollback();
return response()->json([
'status_code' => '204',
'message' => 'Leave request failed',
]);
}
} catch (Exception $error) {
DB::rollback();
return response()->json([
'message' => 'Leave request failed',
'error' => $error
]);
}
}
first event to mail to admin(s) i.e; assignee and reviewer after sending leave request is
<?php
namespace App\Events;
use Illuminate\Broadcasting\Channel;
use Illuminate\Broadcasting\InteractsWithSockets;
use Illuminate\Broadcasting\PresenceChannel;
use Illuminate\Broadcasting\PrivateChannel;
use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
use Illuminate\Foundation\Events\Dispatchable;
use Illuminate\Queue\SerializesModels;
use App\Models\User;
class SendLeaveRequestToAdminEvent
{
use Dispatchable, InteractsWithSockets, SerializesModels;
public $admin;
/**
* Create a new event instance.
*
* #return void
*/
public function __construct(User $admin)
{
$this->admin = $admin;
}
/**
* Get the channels the event should broadcast on.
*
* #return \Illuminate\Broadcasting\Channel|array
*/
public function broadcastOn()
{
return new PrivateChannel('channel-name');
}
}
second event to mail to user after sending leave request is
<?php
namespace App\Events;
use Illuminate\Broadcasting\Channel;
use Illuminate\Broadcasting\InteractsWithSockets;
use Illuminate\Broadcasting\PresenceChannel;
use Illuminate\Broadcasting\PrivateChannel;
use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
use Illuminate\Foundation\Events\Dispatchable;
use Illuminate\Queue\SerializesModels;
use App\Models\User;
class SendLeaveRequestToUserEvent
{
use Dispatchable, InteractsWithSockets, SerializesModels;
public $user;
/**
* Create a new event instance.
*
* #return void
*/
public function __construct(User $user)
{
$this->user = $user;
}
/**
* Get the channels the event should broadcast on.
*
* #return \Illuminate\Broadcasting\Channel|array
*/
public function broadcastOn()
{
return new PrivateChannel('channel-name');
}
}
first listener to admin(s):
<?php
namespace App\Listeners;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Support\Facades\Mail;
use App\Mail\LeaveRequestAdmin;
use App\Events\SendLeaveRequestToAdminEvent;
class SendLeaveRequestToAdminListener
{
/**
* Create the event listener.
*
* #return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* #param SendLeaveRequestToAdminEvent $event
* #return void
*/
public function handle(SendLeaveRequestToAdminEvent $event)
{
$email = $event->admin->email;
Mail::to($email)->locale($event->admin->locale)->send(new LeaveRequestAdmin($event->admin));
}
}
second listener to user:
<?php
namespace App\Listeners;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Support\Facades\Mail;
use App\Mail\LeaveRequestUser;
use App\Events\SendLeaveRequestToUserEvent;
class SendLeaveRequestToUserListener
{
/**
* Create the event listener.
*
* #return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* #param SendLeaveRequestToUserEvent $event
* #return void
*/
public function handle(SendLeaveRequestToUserEvent $event)
{
$email = $event->user->email;
Mail::to($email)->locale($event->user->locale)->send(new LeaveRequestUser($event->user));
}
}
mail to admin:
<?php
namespace App\Mail;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels;
use Illuminate\Support\Facades\URL;
class LeaveRequestAdmin extends Mailable
{
use Queueable, SerializesModels;
public $admin;
/**
* Create a new message instance.
*
* #return void
*/
public function __construct($admin)
{
$this->admin = $admin;
}
/**
* Build the message.
*
* #return $this
*/
public function build()
{
return $this->markdown('email.leaverequestadmin', [
'url' => URL::to('/home'),
'admin' => $this->admin,
])->subject('Incoming Leave Request');
}
}
mail to user:
<?php
namespace App\Mail;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels;
use Illuminate\Support\Facades\URL;
class LeaveRequestUser extends Mailable
{
use Queueable, SerializesModels;
public $user;
/**
* Create a new message instance.
*
* #return void
*/
public function __construct($user)
{
$this->user = $user;
}
/**
* Build the message.
*
* #return $this
*/
public function build()
{
return $this->markdown('email.leaverequestuser', [
'url' => URL::to('/home'),
'user' => $this->user,
])->subject('Leave Request Received');
}
}
the above code is used after leave request is created which have two separate events/listeners/mail/ blade templates. Like wise I have similar another two events/listeners/mail/ blade templates each which are used after the leave request is accepted/rejected.
In new laravel 9 I changed fortify app/Actions/Fortify/CreateNewUser.php, as I need to pass more parameters when I create new user :
<?php
namespace App\Actions\Fortify;
use App\Models\User;
use Illuminate\Database\QueryException;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use DB;
//use Laravel\Fortify\Contracts\CreatesNewUsers;
use App\Actions\Fortify\CreatesNewUsers;
// /_wwwroot/lar/BiCurrencies/resources/fortify/CreatesNewUsers.php
use Laravel\Jetstream\Jetstream;
use Spatie\Permission\Models\Permission;
class CreateNewUser implements CreatesNewUsers
{
use PasswordValidationRules;
/**
* Validate and create a newly registered user.
*
* #param array $input
*
* #return \App\Models\User
*/
public function create(array $input, bool $make_validation, array $hasPermissions)
{
if ($make_validation) {
$userValidationRulesArray = User::getUserValidationRulesArray(null, []);
if (\App::runningInConsole()) {
unset($userValidationRulesArray['password_2']);
}
$validator = Validator::make($input, $userValidationRulesArray);//->validate();
if ($validator->fails()) {
$errorMsg = $validator->getMessageBag();
if (\App::runningInConsole()) {
echo '::$errorMsg::' . print_r($errorMsg, true) . '</pre>';
}
return $errorMsg;
}
} // if($make_validation) {
$newUserData = [
'name' => $input['name'],
'email' => $input['email'],
];
also I have interface file app/Actions/Fortify/CreatesNewUsers.php :
<?php
namespace App\Actions\Fortify;
interface CreatesNewUsers
{
/**
* Validate and create a newly registered user.
*
* #param array $input
* #return mixed
*/
public function create(array $input, bool $make_validation, array $hasPermissions);
}
and default app/Providers/FortifyServiceProvider.php:
<?php
namespace App\Providers;
use App\Actions\Fortify\CreateNewUser;
use App\Actions\Fortify\ResetUserPassword;
use App\Actions\Fortify\UpdateUserPassword;
use App\Actions\Fortify\UpdateUserProfileInformation;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;
use Laravel\Fortify\Fortify;
class FortifyServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*
* #return void
*/
public function register()
{
//
}
/**
* Bootstrap any application services.
*
* #return void
*/
public function boot()
{
Fortify::createUsersUsing(CreateNewUser::class);
Fortify::updateUserProfileInformationUsing(UpdateUserProfileInformation::class);
Fortify::updateUserPasswordsUsing(UpdateUserPassword::class);
Fortify::resetUserPasswordsUsing(ResetUserPassword::class);
RateLimiter::for('login', function (Request $request) {
$email = (string) $request->email;
return Limit::perMinute(5)->by($email.$request->ip());
});
RateLimiter::for('two-factor', function (Request $request) {
return Limit::perMinute(5)->by($request->session()->get('login.id'));
});
}
}
It works in my app when I can it iin diffdrent places, but I got error when I run default Register form :
[2022-05-21 15:06:52] local.ERROR: Laravel\Fortify\Http\Controllers\RegisteredUserController::store(): Argument #2 ($creator) must be of type Laravel\Fortify\Contracts\CreatesNewUsers, App\Actions\Fortify\CreateNewUser given, called in /mnt/_work_sdb8/wwwroot/lar/LaravelTest/vendor/laravel/framework/src/Illuminate/Routing/Controller.php on line 54 {"exception":"[object] (TypeError(code: 0): Laravel\\Fortify\\Http\\Controllers\\RegisteredUserController::store(): Argument #2 ($creator) must be of type Laravel\\Fortify\\Contracts\\CreatesNewUsers, App\\Actions\\Fortify\\CreateNewUser given, called in /mnt/_work_sdb8/wwwroot/lar/LaravelTest/vendor/laravel/framework/src/Illuminate/Routing/Controller.php on line 54 at /mnt/_work_sdb8/wwwroot/lar/LaravelTest/vendor/laravel/fortify/src/Http/Controllers/RegisteredUserController.php:51)
[stacktrace]
#0 /mnt/_work_sdb8/wwwroot/lar/LaravelTest/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): Laravel\\Fortify\\Http\\Controllers\\RegisteredUserController->store()
#1 /mnt/_work_sdb8/wwwroot/lar/LaravelTest/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
#2 /mnt/_work_sdb8/wwwroot/lar/LaravelTest/vendor/laravel/framework/src/Illuminate/Routing/Route.php(261): Illuminate\\Routing\\ControllerDispatcher->dispatch()
#3 /mnt/_work_sdb8/wwwroot/lar/LaravelTest/vendor/laravel/framework/src/Illuminate/Routing/Route.php(204): Illuminate\\Routing\\Route->runController()
#4 /mnt/_work_sdb8/wwwroot/lar/LaravelTest/vendor/laravel/framework/src/Illuminate/Routing/Router.php(725): Illuminate\\Routing\\Route->run()
What is wrong and how it can be fixed ?
Thanks!
I'm new at Laravel, and I'm trying to make Policies that will prevent user that doesn't have id_level 1 which is admin to access InventarisController, but the InventarisPolicy doesn't send variable to InventarisController.
it's my Inventaris Policies
InventarisPolicy.php
<?php
namespace App\Policies;
use App\{User, Level};
use Illuminate\Auth\Access\HandlesAuthorization;
class InventarisPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* #return void
*/
public function __construct()
{
//
}
public function inventaris_add(User $user)
{
$user->id_level == 1;
// dd($user);
// $user->id_level == 2;
}
}
it's my Inventaris Controller
InventarisController.php
<?php
namespace App\Http\Controllers;
use App\{Inventaris, DetailPinjamanView};
// use Illuminate\Http\Controllers\Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Auth;
// use App\Http\Controllers\Auth\Request;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
class InventarisController extends Controller
{
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('auth');
}
/**
* Display a listing of the resource.
*
* #return \Illuminate\Http\Response
*/
public function index()
{
// $viewpinjaman = DetailPinjamanView::all();
$this->authorize('inventaris_add', $user);
$inventaris = Inventaris::all();
return view('index', compact('inventaris'));
}
im trying to setup a multi auth system in laravel 8 with jetstream livewire in my ecomm project (one login page for admins(/admin/login) and another for users(/login))
i have followed a tutorial and everything is ok expect when i login to user from /login page i can access /admin/dashboard with that user and with admin its fine and cant access user /dashboard
routes\web.php:
Route::get('/', function () {
return view('welcome');
});
Route::group(['prefix'=>'admin','middleware'=>['admin:admin']],function(){
Route::get('/login', [AdminController::class, 'loginForm']);
Route::post('/login', [AdminController::class, 'store'])->name('admin.login');
Route::get('/logout', [AdminController::class, 'Logout'])->name('admin.logout');
});
Route::middleware(['auth:sanctum,admin', 'verified'])->get('/admin/dashboard', function () {
return view('admin.index');
})->name('dashboard.admin');
Route::middleware(['auth:sanctum,web', 'verified'])->get('/dashboard', function () {
return view('dashboard');
})->name('dashboard');
Models\Admin.php:
<?php
namespace App\Models;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Fortify\TwoFactorAuthenticatable;
use Laravel\Jetstream\HasProfilePhoto;
use Laravel\Sanctum\HasApiTokens;
class Admin extends Authenticatable
{
use HasApiTokens;
use HasFactory;
use HasProfilePhoto;
use Notifiable;
use TwoFactorAuthenticatable;
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'name',
'email',
'password',
];
/**
* The attributes that should be hidden for arrays.
*
* #var array
*/
protected $hidden = [
'password',
'remember_token',
'two_factor_recovery_codes',
'two_factor_secret',
];
/**
* The attributes that should be cast to native types.
*
* #var array
*/
protected $casts = [
'email_verified_at' => 'datetime',
];
/**
* The accessors to append to the model's array form.
*
* #var array
*/
protected $appends = [
'profile_photo_url',
];
}
Controllers\AdminController.php:
<?php
namespace App\Http\Controllers;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Routing\Pipeline;
use App\Actions\Fortify\AttemptToAuthenticate;
use Laravel\Fortify\Actions\EnsureLoginIsNotThrottled;
use Laravel\Fortify\Actions\PrepareAuthenticatedSession;
use App\Actions\Fortify\RedirectIfTwoFactorAuthenticatable;
use App\Http\Responses\LoginResponse;
use Laravel\Fortify\Contracts\LoginViewResponse;
use Laravel\Fortify\Contracts\LogoutResponse;
use Laravel\Fortify\Features;
use Laravel\Fortify\Fortify;
use Laravel\Fortify\Http\Requests\LoginRequest;
use Auth;
class AdminController extends Controller
{
/**
* The guard implementation.
*
* #var \Illuminate\Contracts\Auth\StatefulGuard
*/
protected $guard;
/**
* Create a new controller instance.
*
* #param \Illuminate\Contracts\Auth\StatefulGuard
* #return void
*/
public function __construct(StatefulGuard $guard, Request $request)
{
$this->guard = $guard;
}
public function loginForm(){
return view('admin.login',['guard'=>'admin']);
}
public function Logout(){
Auth::logout();
return Redirect()->url('admin/login')->with('success', 'Logged Out');
}
/**
* Show the login view.
*
* #param \Illuminate\Http\Request $request
* #return \Laravel\Fortify\Contracts\LoginViewResponse
*/
public function create(Request $request): LoginViewResponse
{
return app(LoginViewResponse::class);
}
/**
* Attempt to authenticate a new session.
*
* #param \Laravel\Fortify\Http\Requests\LoginRequest $request
* #return mixed
*/
public function store(LoginRequest $request)
{
return $this->loginPipeline($request)->then(function ($request) {
return app(LoginResponse::class);
});
}
/**
* Get the authentication pipeline instance.
*
* #param \Laravel\Fortify\Http\Requests\LoginRequest $request
* #return \Illuminate\Pipeline\Pipeline
*/
protected function loginPipeline(LoginRequest $request)
{
if (Fortify::$authenticateThroughCallback) {
return (new Pipeline(app()))->send($request)->through(array_filter(
call_user_func(Fortify::$authenticateThroughCallback, $request)
));
}
if (is_array(config('fortify.pipelines.login'))) {
return (new Pipeline(app()))->send($request)->through(array_filter(
config('fortify.pipelines.login')
));
}
return (new Pipeline(app()))->send($request)->through(array_filter([
config('fortify.limiters.login') ? null : EnsureLoginIsNotThrottled::class,
Features::enabled(Features::twoFactorAuthentication()) ? RedirectIfTwoFactorAuthenticatable::class : null,
AttemptToAuthenticate::class,
PrepareAuthenticatedSession::class,
]));
}
/**
* Destroy an authenticated session.
*
* #param \Illuminate\Http\Request $request
* #return \Laravel\Fortify\Contracts\LogoutResponse
*/
public function destroy(Request $request): LogoutResponse
{
$this->guard->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return app(LogoutResponse::class);
}
}
Responses\LoginResponse.php:
<?php
namespace App\Http\Responses;
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
class LoginResponse implements LoginResponseContract
{
/**
* Create an HTTP response that represents the object.
*
* #param \Illuminate\Http\Request $request
* #return \Symfony\Component\HttpFoundation\Response
*/
public function toResponse($request)
{
return $request->wantsJson()
? response()->json(['two_factor' => false])
: redirect()->intended('admin/dashboard');
}
}
i also created a copy of StatefulGuard in App\Guards\AdminStatefulGuard.php following that tutorial but never used it.
Problem fixed by adding this code to my admin controllers.
public function __construct()
{
$this->middleware(['auth:admin,admin', 'verified']);
}
and also replacing this in web route:
Route::middleware(['auth:sanctum,admin', 'verified'])->get('/admin/dashboard', function () {
return view('admin.index');
})->name('dashboard.admin');
with this:
Route::middleware(['auth:admin,admin', 'verified'])->get('/admin/dashboard', function () {
return view('admin.index');
})->name('dashboard.admin');
Try this on Admin middleware
public function handle(Request $request, Closure $next, $guard)
{
if (Auth::guard($guard)->check()) {
return redirect('/admin/dashboard');
}
if(Auth::guard('web')->check()) {
return redirect('/dashboard');
}
return $next($request);
}
and on RedirectIfAuthenticated middleware:
public function handle(Request $request, Closure $next, ...$guards)
{
$guards = empty($guards) ? [null] : $guards;
foreach ($guards as $guard) {
if (Auth::guard($guard)->check()) {
return redirect(RouteServiceProvider::HOME);
}
}
if(Auth::guard('admin')->check()) {
return redirect('admin/dashboard');
}
return $next($request);
}
I'm new to Laravel and I'm trying to set up an email verification for job_seeker but after I register a new job_seeker I redirect to profile page which must be protected with job_seeker_verified middleware
in normal case I must be redirecting to job_seeker/verify which uses the route named job_seeker_verification.notice with the controller verification_controller and the function that shows the view with verify message but instead I get
forbidden page 403
namespace App\Http\Controllers\job_seeker;
use App\Job_seeker;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
class job_seeker_profile_controller extends Controller
{
public function __construct()
{
$this->middleware(['job_seeker_auth', 'job_seeker_verified']);
}
public function show_profile(Job_seeker $job_seeker)
{
return view('profile.job_seeker_profile');
}
}
namespace App\Http\Middleware;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Support\Facades\Auth;
use Closure;
class Ensure_Job_Seeker_Is_Verified
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next, $guard = null)
{
$guard == 'job_seeker';
if (
!Auth::guard($guard)->user() || (Auth::guard($guard)->user() instanceof MustVerifyEmail &&
!Auth::guard($guard)->user()->hasVerifiedEmail())
) {
return $request->expectsJson()
? abort(403, 'Your email address is not verified.')
: Redirect::route('job_seeker_verification.notice');
}
return $next($request);
}
}
namespace App\Http\Controllers\job_seeker;
use Illuminate\Http\Request;
use App\Job_seeker;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\VerifiesEmails;
class Verification_Controller extends Controller
{
use VerifiesEmails;
/**
* Display a listing of the resource.
*
* #return \Illuminate\Http\Response
*/
protected $redirectTo = 'job_seeker.profile';
public function __construct()
{
$this->middleware('job_seeker_auth');
$this->middleware('signed');
$this->middleware('throttle:6,1')->only('resend');
}
/**
* Display the specified resource.
*
* #param int $id
* #return \Illuminate\Http\Response
*/
public function show(Request $request)
{
return $request->user()->hasVerifiedEmail()
? redirect($this->redirectPath())
: view('profile.job_seeker_verify');
}
public function verify(Request $request)
{
if ($request->route('id') != $request->user()->getKey()) {
throw new AuthorizationException;
}
if ($request->user()->hasVerifiedEmail()) {
return redirect($this->redirectPath());
}
if ($request->user()->markEmailAsVerified()) {
event(new Verified($request->user()));
}
return redirect($this->redirectPath())->with('job_seeker_verified', true);
}
}
Route::get('job_seeker_email.resend', [
'as'=>'job_seeker_email.verification.resend', 'uses'=>'job_seeker\Job_Seeker_Verication_email#resend'
]);
Route::get('job_seeker/verify', [
'as'=>'job_seeker_verification.notice', 'uses'=>'job_seeker\Verification_Controller#show'
]);
Route::get('job_seeker/verify/{id}', [
'as'=>'job_seeker_verification.verify','uses'=>'job_seeker\Verification_Controller#verify'
]);
Remove
$this->middleware('job_seeker_auth');
From the verification_controller constructor because it's returning 403 before it reaches the show or verify method
An unverified user can't verify themselves if they need to be verified to do so