I have admin dashboard and users like admin,developer,end users
I have permision to each roles
I have Voyageradminmiddleware to prevent access to other users.
<?php
namespace TCG\Voyager\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
use TCG\Voyager\Facades\Voyager;
class VoyagerAdminMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
*
* #return mixed
*/
public function handle($request, Closure $next)
{
if (!Auth::guest()) {
$user = Voyager::model('User')->find(Auth::id());
return $user->hasPermission('browse_admin')
? $next($request)
: redirect('/');
}
return redirect(route('voyager.login'));
}
}
Now my problem is that only admin can access dashborad other users can't.
return $user->hasPermission('browse_admin')
? $next($request)
: $next($request);
This code is working but if i use this, there is permission issue,any user can access others permission when they hit direct url.
I am very new to laravel.please help me.
Related
I implemented the must verify email system in Laravel 7. If a user hits a route that should be for verified visitors, the user is currently being redirected to view auth.verify. How to change this and to redirect it to route user.profile?
you can create a middleware EnsureEmailIsVerified to overwrite auth.verify
then apply this middleware to all your route
use Closure;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Support\Facades\Redirect;
class EnsureEmailIsVerified
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null $redirectToRoute
* #return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle($request, Closure $next, $redirectToRoute = null)
{
if (! $request->user() ||
($request->user() instanceof MustVerifyEmail &&
! $request->user()->hasVerifiedEmail())) {
return $request->expectsJson()
? abort(403, 'Your email address is not verified.')
: Redirect::route('user.profile');
}
return $next($request);
}
}
and here redirect based on your requirement
I want to update the user table field on each request if the user is authorized. I have not encountered such a task before. I tried to write on the AppServiceProvider.php file:
public function boot()
{
if(Auth::id()) {
$user = User::find(Auth::id());
$user->updated_at = Carbon::now()->setTimezone("America/Los_Angeles");
$user->save();
}
}
But in this case I could not take access to the authorized user.
Can I get access to the service provider to an authorized user?
Or solve this problem with creating middleware?
Note: I am doing this task to find out the time of the user's last activity.
Is the solution found right? Is there a load on the server?
by creating a new middleware try this one
php artisan make:middleware UserActivityUpdateMiddleware
UserActivityUpdateMiddleware
<?php
namespace App\Http\Middleware;
use Closure;
class UserActivityUpdateMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if(Auth::User()) {
$user = User::find(Auth::user()->id);
$user->updated_at = Carbon::now()->setTimezone("America/Los_Angeles");
$user->save();
}
return $next($request);
}
}
I have problem that using multiple parameters in my Route::middleware isn't working for me. I am trying to assign a specific route only accessible for a superuser and admin role.
When I just use:
role:superuser
it works fine, but when I add a second parameter like:
role:superuser,admin
it fails when I assign myself the admin role but still works for the superuser role.
I am confused so any help would be appreciated!
Here is my RoleMiddleware:
namespace App\Http\Middleware;
use Closure;
class RoleMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string $roles
* #return mixed
*/
public function handle($request, Closure $next, ...$roles)
{
$user = $request->user();
if ($user && $user->isSuperuser($roles)) {
return $next($request);
}
return redirect('/home')->withError('U heeft niet de juiste rechten!');
}
}
Here is my isSuperuser method in my User model:
public function isSuperuser(...$roles)
{
if ($roles) {
return $this->roles == $roles;
}
return $this->roles;
}
Last but not least my routes/web code for the middleware:
Route::get('/users', 'UsersController#index')->middleware(['role:superuser,admin']);
Btw: the method is called 'isSuperuser' but that's just a name. It also has to accept the admin role at some point.
use | instead of , like this:
Route::get('/users', 'UsersController#index')->middleware(['role:superuser|admin']);
How can i assign middleware to user? I just follow the guide on laravel 5.2 but i can't figure...
I'm able to create middleware ( i have admin middleware)
<?php
namespace App\Http\Middleware;
use Closure;
class Admin
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
return $next($request);
}
}
I'm able to assign middleware to route
Route::group(['middleware' => ['auth', 'admin']], function () {
Route::resource('admin/tasks', 'Admin\\TasksController');
});
but how can i check if user is admin or not? I just follow the docs on laravel 5.2 for authentication, but i dont know how to access the page only for "admin" middleware...
Question 1 How to check if user is admin
I think using session is a good solution. You can store the user status in the session. And in the Admin middleware, you can check if user is admin by if (session('statut') === 'admin').
Question 2 Page Access of users
If user is admin, we will pass the request by return $next($request);
If user is not admin, we will redirect to index page or other page
you want by return new RedirectResponse(url('/'));
The following code may help you.
<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\RedirectResponse;
class Admin {
public function handle($request, Closure $next)
{
if (session('statut') === 'admin')
{
return $next($request);
}
return new RedirectResponse(url('/'));
}
}
I would recommend you to use ENTRUST Laravel package
Entrust is a succinct and flexible way to add Role-based Permissions
to Laravel 5.
I have a small example for you, it very simple
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;
class Authenticate
{
/**
* The authentication guard factory instance.
*
* #var \Illuminate\Contracts\Auth\Factory
*/
protected $auth;
/**
* Create a new middleware instance.
*
* #param \Illuminate\Contracts\Auth\Factory $auth
* #return void
*/
public function __construct(Auth $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null $guard
* #return mixed
*/
public function handle($request, Closure $next, $guard = null)
{
if ($this->auth->guard($guard)->guest()) {
return response('Unauthorized.', 401);
}
return $next($request);
}
}
If you only have guest and admin(who is authenticated in your system) you should do like above. But if you have another roles you will have to attach ACL (for ex https://github.com/Zizaco/entrust)
i have admin middleware and its working only on route
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class admin
{
/**
* Handle an incoming request.
* this is only for admin
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (!Auth::guest() && Auth::user()->admin) {
return $next($request);
}
return redirect('/');
}
}
how to i show like
#if (Auth::user())
than user see name and when admin is logged in than admin will see hello admin
what i type for admin
thank you in advance
Supposing you have a column role in user table:
#if(Auth::user()->role == 'admin')
<span>Hello{{Auth::user()->name}}</span>
or
<span>Hello admin</span>
#endif
If you don't have the column role put the condition in the if statement that defines user is a admin