Add auth to some methods of API resource routes - laravel

I need to restrict access to the index resource so that people cant view all the submissions from a contact form.. is this possible to do via a route or what are people doing ?
Im using Laravel 5.2
Route::group(['prefix' => 'v1/api', 'middleware' => ['cors']], function(){
Route::resource('contact', 'ContactFormController', ['except' => [
'create', 'edit'
]]);
});

got it.. added this to the controller in question
function __construct() {
$this->middleware('auth', array('only' => array('index', 'show')));
}

Related

How can I make index form resource route out of the middleware?

Now this route's without ( except ) it just find working but when I want to reach any route like index or store I must to login then get the data form them . So I want to make index route out of this middleware ( it's ok reach to index without login ) hope to got it :)
route's :
Route::group(['middleware' => 'auth:api'], function() {
Route::resource('cards', 'cardsController', ['except' => 'index']);
Route::resource('services', 'servicesController', ['except' => 'index']);
Route::get('getUserinfo', 'LoginController#getUser');
});
and this my route list for cards :
and this when I get all cards form postman :
You have ['except' => 'index'] in the route group. Try to take it out and check if it is working.
Edited:
if you want index showing without login, try writting another route outside of the route group
so something like this
Route::get('cards', 'cardsController#index');
Route::get('services', 'servicesController#index');
Route::group(['middleware' => 'auth:api'], function() {
Route::resource('cards', 'cardsController', ['except' => 'index']);
Route::resource('services', 'servicesController', ['except' => 'index']);
Route::get('getUserinfo', 'LoginController#getUser');
});
First you should name your Controllers properly, instead of
cardsController
name it to
CardsController
Your error occurs because you are excepting the index action in your Controller.
Instead of this:
Route::resource('cards', 'cardsController', ['except' => 'index']);
Route::resource('services', 'servicesController', ['except' => 'index']);
Do this:
Route::resource('cards', 'cardsController');
Route::resource('services', 'servicesController');
Check out the docs
Dont forget to name your Controller properly.
As you should define your route outside the middleware.... As u want to use it without login....
Route::get('cards', 'cardsController#index');
Route::get('services', 'servicesController#index');
In middleware u have to define the route as below
Route::resource('cards', 'cardsController')->except('index');
Route::resource('services', 'servicesController')->except('index');

nested resources in laravel not worked

I want to have nested resources like that:
Route::group(['prefix' => 'manage', 'middleware' => ['role:boss']], function ()
{
Route::resource('/articles', 'ArticleController');
Route::group(['prefix' => '/articles', 'as' => 'articles.'], function () {
Route::resource('/types', 'ArticleTypeController');
});
});
But nested route for "article/type" doesn't work, I check my ArticleTypeController outside the "article" route and work.
I really confused, Everybody can help me?
and here is my controller:
class ArticleTypeController extends Controller
{
public function index()
{
$types = ArticleType::all();
return view('manage.articles.types.index')->withtypes($types);
}
}
Route::group(['prefix' => 'manage', 'middleware' => ['role:boss']], function ()
{
Route::get('articles/types', 'ArticleTypeController#articleTypeMethod');
Route::resource('articles', 'ArticleController');
Route::resource('articles.types', 'ArticleTypeController');
});
for nested resources use articles.types. plural naming is good.
now that manage/articles and manage/articles/1/types will work.
If you want to put a custom route, put it above the resource route if the controller has been used as a resource. see the articles/types [GET] route which maps to ArticleTypeController's articleTypeMethod. now this way http://localhost.com/manage/articles/types should work
here is the 5.1 documentation and it has been removed from documentation of 5.5. but have a look at what Taylor said about it here
it's not recommended on REST to use index function for articles/types, a nested resources index method is used like articles/{id}/types.
for articles/types you need to create a new method.
but if you still want to do it like that. just make it like this
Route::group(['prefix' => 'manage', 'middleware' => ['role:boss']], function ()
{
Route::get('articles/types', 'ArticleTypeController#index');
Route::resource('articles', 'ArticleController');
Route::resource('articles.types', 'ArticleTypeController', ['except' => ['index']]);
});

Multi domain routing in Laravel 5.2

I have setup multi-domain routing in my laravel 5.2 app. What I want to achieve is if a user hits, membership.app, he should be served different homepage as compared to user who hits, erp.app domain.
Route::pattern('erp', 'erp.app|erp.domain.com');
Route::pattern('membership', 'membership.app|membership.domain.com');
Route::group(['middleware' => ['web', 'auth'], 'domain' => '{erp}'], function() {
Route::get('/', 'HomeController#getIndex');
Route::controller('members', 'MembersController');
Route::controller('users', 'UsersController');
Route::controller('settings', 'SettingsController');
});
Route::group(['middleware' => 'web', 'domain' => '{erp}'], function () {
Route::controller('auth', 'Auth\AuthController');
});
Route::group(['middleware' => 'web', 'domain' => '{membership}'], function () {
Route::controller('/', 'BecomeMemberController');
});
Route::group(['middleware' => 'web'], function () {
Route::controller('ajax', 'AjaxController');
});
I tried this setup, but it breaks the code with first param in each controller method being the url instead of intended value.
Suppose I have a method hello in members controller.
public function hello($param1, $param2)
{
....
}
If I access erp.app/members/hello/1/2 url and try to print out $param1 of controller method, it returns erp.app instead of intended 1 in this case.
Please help.
I don't know why aren't you seperating the routes to different controllers as you say the output will be quite different...
A quick example of to use that:
Route::group(['domain' => '{type}.myapp.com'], function () {
Route::get('members/hello/{id1}/{id2}', function ($type, $id1, $id2) {
// when you enter --> members.myapp.com/hello/12/45
var_dump($type); //memebers
var_dump($id1); //12
var_dump($id2); //45
});
});

Laravel 5 Resourceful Routes Plus Middleware

Is it possible to add middleware to all or some items of a resourceful route?
For example...
<?php
Route::resource('quotes', 'QuotesController');
Furthermore, if possible, I wanted to make all routes aside from index and show use the auth middleware. Or would this be something that needs to be done within the controller?
In QuotesController constructor you can then use:
$this->middleware('auth', ['except' => ['index','show']]);
Reference: Controller middleware in Laravel 5
You could use Route Group coupled with Middleware concept:
http://laravel.com/docs/master/routing
Route::group(['middleware' => 'auth'], function()
{
Route::resource('todo', 'TodoController', ['only' => ['index']]);
});
In Laravel with PHP 7, it didn't work for me with multi-method exclude until wrote
Route::group(['middleware' => 'auth:api'], function() {
Route::resource('categories', 'CategoryController', ['except' => 'show,index']);
});
maybe that helps someone.
UPDATE FOR LARAVEL 8.x
web.php:
Route::resource('quotes', 'QuotesController');
in your controller:
public function __construct()
{
$this->middleware('auth')->except(['index','show']);
// OR
$this->middleware('auth')->only(['store','update','edit','create']);
}
Reference: Controller Middleware
Been looking for a better solution for Laravel 5.8+.
Here's what i did:
Apply middleware to resource, except those who you do not want the middleware to be applied. (Here index and show)
Route::resource('resource', 'Controller', [
'except' => [
'index',
'show'
]
])
->middleware(['auth']);
Then, create the resource routes that were except in the first one. So index and show.
Route::resource('resource', 'Controller', [
'only' => [
'index',
'show'
]
]);

Laravel Route::controller with additional parameters

I'm trying to figure out whether there is a way of adding url parameters to the Route::controller call.
What I have at the moment for my control panel is:
Route::group(
[
'prefix' => 'admin',
'namespace' => 'Admin'
],
function() {
Route::group(
[
'prefix' => '',
'before' => 'auth.admin'
],
function() {
Route::controller('page', 'PageController');
Route::controller('article', 'ArticleController');
}
);
Route::controller('/', 'LoginController');
}
);
Now - each of the controllers will have the post / getEdit actions, which will require the url id parameter to be passed over in the simple format of /admin/page/edit/{id}.
My question is - is there a way to perhaps add some parameters to the Route::controller method or do I have to do them all using Route::get / Route::post approach?
I know I can do it by adding two extra cases with get and post above the given controller call:
Route::group(
[
'prefix' => 'admin',
'namespace' => 'Admin'
],
function() {
Route::group(
[
'prefix' => '',
'before' => 'auth.admin'
],
function() {
Route::get('page/edit/{id}', 'PageController#getEdit');
Route::post('page/edit/{id}', 'PageController#postEdit');
Route::controller('page', 'PageController');
Route::controller('article', 'ArticleController');
}
);
Route::controller('/', 'LoginController');
}
);
but perhaps there's a better approach?
You can use Route::resource:
Route::resource('resource', 'ResourceController');
This will register the following routes:
GET /resource index resource.index
GET /resource/create create resource.create
POST /resource store resource.store
GET /resource/{resource} show resource.show
GET /resource/{resource}/edit edit resource.edit
PUT/PATCH /resource/{resource} update resource.update
DELETE /resource/{resource} destroy resource.destroy
You can use it together with only or except to choose what routes to be included (or excluded):
Route::resource('resource', 'ResourceController', ['only' => ['index', 'show', 'update', 'destroy']]);
Read more about restful resource controllers in the Laravel documentation.
This post might also be interesting: Laravel 4 - Route::resource vs Route::controller. Which to use?

Resources