I have a form that has two types of users, administrators and developers, and each has its own post-login page, but even when logged in as an administrator, I can go to the developers' pages. I need to fix this!
Create a Middleware. Open the Command Prompt, go to your project folder and type:
    php artisan make:middleware CheckRoleUser
Register this Middleware in App/Http/Kernel.php, in $routeMiddleware:
    protected $routeMiddleware = [
        'check_role' => \App\Http\Middleware\CheckRoleUser::class,
        // ...
    ];
Open the file App/Http/Middleware/CheckRoleUser.php and write the code routine that verifies that the user is an Admin or Developer. I do not know what your database looks like, but the users table must have a role or role_id field that defines the user type.
    // Needs at the top of the file: use Closure; use Illuminate\Support\Facades\Auth;
    public function handle($request, Closure $next, $guard = null){
        // If the user is not logged in or the role is not 1 (Admin), go back to the login page.
        // Use != here: "!" binds tighter than "==", so "!$role == 1" negates the role first.
        if (!Auth::check() || Auth::user()->role != 1) {
            return redirect()->to('/login');
        }
        return $next($request);
    }
In the App/Http/routes.php file, you call the middleware created with the name you set in Kernel.php.
    # Admin
    Route::group(['prefix' => 'admin', 'middleware' => 'check_role'], function(){
        Route::get('/', 'DashboardController@index');
    });
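A variant of the middleware above that takes the allowed role as a route parameter, so the developer pages can be restricted to developers in the same way the admin pages are restricted to admins. This is an added example, not part of the original answer; it assumes PHP 5.6+ (for the variadic parameter), that role 1 is Admin as in the answer, and that role 2 is Developer, and `DeveloperController` is a hypothetical name.

```php
<?php
// app/Http/Middleware/CheckRoleUser.php (added example, not the answerer's code)
namespace App\Http\Middleware;

use Closure;

class CheckRoleUser
{
    /**
     * Let the request through only if the logged-in user's role is one of
     * the roles listed on the route, e.g. 'check_role:1' or 'check_role:1,2'.
     */
    public function handle($request, Closure $next, ...$roles)
    {
        $user = $request->user();

        // Not logged in: send to the login page instead of dereferencing null.
        if ($user === null) {
            return redirect()->to('/login');
        }

        // Deny by default: a route that lists no roles admits nobody.
        // Route parameters arrive as strings, so compare as strings.
        if (!in_array((string) $user->role, $roles, true)) {
            abort(403);
        }

        return $next($request);
    }
}

// app/Http/routes.php: one group per role.
// Assumption: role 1 = Admin (as in the answer), role 2 = Developer.
// Route::group(['prefix' => 'admin', 'middleware' => 'check_role:1'], function () {
//     Route::get('/', 'DashboardController@index');
// });
// Route::group(['prefix' => 'developer', 'middleware' => 'check_role:2'], function () {
//     Route::get('/', 'DeveloperController@index'); // hypothetical controller
// });
```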
I do not know which version of Laravel you are using, but if it is 5.2 or higher, it already has native control for different types of authentication, called "guards". In your project folder, go to config/auth.php; there is an array with the "guards", and you can do this, for example:
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'desenvolvedor' => [
            'driver' => 'session',
            'provider' => 'desenvolvedores',
        ],
        'api' => [
            'driver' => 'token',
            'provider' => 'users',
        ],
    ]
You will also need to change the providers array in this same "auth.php" file. Set up the providers like this:
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'desenvolvedores' => [
            'driver' => 'eloquent',
            'model' => App\Desenvolvedor::class,
        ]
    ]
Note that in the provider you specify the model that will be used to perform the authentication. You can duplicate the User model and change it to Developer, something like this:
    <?php
    namespace App;
    use Illuminate\Foundation\Auth\User as Authenticatable;
    class Desenvolvedor extends Authenticatable
    {
        protected $table = 'desenvolvedores'; // put the name of the developers table here
        /**
         * The attributes that are mass assignable.
         *
         * @var array
         */
        protected $fillable = [
            'name', 'email', 'password',
        ];
        /**
         * The attributes excluded from the model's JSON form.
         *
         * @var array
         */
        protected $hidden = [
            'password', 'remember_token',
        ];
    }
You will also need to have the 'name', 'email' and 'password' fields in your developers table; I suggest you follow the pattern of the 'users' table.
This way you can create protected routes for each "guard", for example:
Route::group(['prefix' => '/desenvolvedor', 'middleware' => 'auth:desenvolvedor'], function ()...
For more details I suggest you read the documentation at: link