3

I'm trying to restrict the access of routes to only some types of users in my site that I'm writing with Laravel 5.7, right now I'm trying to do it with middlewares.

For each user's level I have a middleware with this code(with a variation on the type):

public function handle($request, Closure $next)
{
    if(Auth::user()->type==3)
        return $next($request);
    else
        return redirect()->route('dashboard');
}

And in the kernel.php file, I have them written like this:

protected $routeMiddleware = [
    ...
    'teacher' => \App\Http\Middleware\RedirectIfTeacher::class,
    ...
]

In my application each user has a level, which starts from 1 to 5, but each level has individual views and some shared views, but I can't manage to redirect views for more than just one type of user because I can't make them work when I use more than one middlewares on a route (or routes) that are shared with more than two types of users.

When I try it justs ignores the second or more middlewares and redirects to the route dashboard which is the route for redirecting if the type of user can't enter the desired view.

Right now I've tried with this code:

Route::group(['middleware' => ['administrator','teacher','student']], function(){

And with this code:

Route::group(['middleware' => ['administrator' OR 'teacher' OR 'student']], function(){

Also I tried with this style:

Route::group(['middleware' => ['administrator|teacher|student']], function(){

Without getting any luck, is there anything what am I doing wrong? or is there a better way to do what I'm trying to achieve, thanks in advance!.

Improve this question
1
  • Typically this would be achieved using authorisation and policies based on content. Commented Jul 14, 2023 at 14:43

3 Answers 3

Reset to default
1

I'm using below code and it worked:

Route::group(['middleware' => ['administrator','teacher','student']], function() {});

1 In the kernel.php file, have you got all of the keys assigned with your middlewares ? For example:

protected $routeMiddleware = [
...
'administrator' => \App\Http\Middleware\RedirectIfAdmin::class,
'teacher' => \App\Http\Middleware\RedirectIfTeacher::class,
'student' => \App\Http\Middleware\RedirectIfStudent::class,
...
]

2 Try to check the user vars before the if in your handle().

dd(Auth::user()->type);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You need to pass an array to it I guess

Route::group(['middleware' => ['administrator','teacher','student']], function() {});

If that doesn't work you have to split them I guess

Route::group(['middleware' => 'administrator'], function () {
    Route::group([ 'middleware' => 'teacher'], function() {
        Route::group([ 'middleware' => 'student'], function() {

     });
    });
});
Improve this answer

Comments

0

This solution is untested, but...

In Kernel.php, add the middleware group:

protected $middlewareGroups = [
    'web' => [ /* existing code */ ],
    'api' => [ /* more standard stuff */ ],
    'ast' => [
        \App\Http\Middleware\RedirectIfAdmin::class,
        \App\Http\Middleware\RedirectIfTeacher::class,
        \App\Http\Middleware\RedirectIfStudent::class,
    ],
];

Then in your route file:

Route::group(['middleware' => 'ast'], function() { /* etc. */ });

The docs are >> here <<.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.