Route access control - Laravel 5.1

3

I have some views that only clients can access, and some that only administrators can access. What I defined in the case is the client_id, which if "1" is an administrator and if it is any other client. I control this with 2 Middleware locally, but when I published to a hosting server I get an error:

  

This web page has a redirect loop

     

ERR_TOO_MANY_REDIRECTS

Routes:

// Rotas para administradores
Route::group(['middleware' => 'auth', 'middleware' => 'SIST\Http\Middleware\AdminMiddleware'], function()
{
    Route::get('inicio', ['as' => 'inicio','uses' => 'Admin\InicioController@index']);
});

// Rotas para clientes
Route::group(['middleware' => 'auth', 'middleware' => 'SIST\Http\Middleware\ClientMiddleware'], function ()
{
    Route::get('sist', ['as' => 'sist','uses' => 'Client\SistController@index']);
});

Admin Middleware:

class AdminMiddleware
{
    public function handle($request, Closure $next)
    {
        if (Auth::user()->id_cliente !== 1)
        {
            return redirect('/sist');
        }else{
            return $next($request);
        }
    }
}

Client Middleware:

class ClientMiddleware
{
    public function handle($request, Closure $next)
    {           
        $id_cliente = Auth::user()->id_cliente;

        if ($id_cliente === 1)
        {
            return redirect('/inicio');
        }else{
            $cliente = Cliente::find($id_cliente);
            return $next($request);
        }
    }
}

htaccess

<IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{REQUEST_URI} !^public
        RewriteRule ^(.*)$ /public/$1 [L]
</IfModule>

I have many routes within these two groups and I use this to not let a client access the admin route by typing the URL. I do not know if that's the best way, but that's what I got. If you have any other way, please let me know.

    
asked by anonymous 27.01.2016 / 15:31

3 answers

2

Believe it or not, but after pretty much all day on that, I solved the problem by just switching " === " to " == " and " !== " to " != ". I do not know what might have caused this malfunction in hosting, since it worked locally perfectly, but that was it!

    
28.01.2016 / 12:40
3

Can not you just use a Route and only a Middleware ?

Route::group(['middleware' => 'auth', 'middleware' => 'admin'], function(){
    Route::get('inicio', ['as' => 'inicio','uses' => 'Admin\InicioController@index']);
    Route::get('sist', ['as' => 'sist','uses' => 'Client\SistController@index']);
});

Register this Middleware in the Kernel.php folder in the app / Http folder, in this array , last line:

protected $routeMiddleware = [
    'auth'          => 'App\Http\Middleware\Authenticate',
    'auth.basic'    => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
    'guest'         => 'App\Http\Middleware\RedirectIfAuthenticated',
    'login'         => 'App\Http\Middleware\AdminMiddleware',
];

Then in% with% of middleware , put as I did above: Route::group instead of that whole name.

Then in AdminMiddleware.php do both:

class AdminMiddleware
{
    public function handle($request, Closure $next)
    {
        if (Auth::user()->id_cliente !== 1){
            return redirect('/sist');
        }else{
            return redirect('/inicio');
        }
        return $next($request);
    }
}

It's not about middleware => 'admin' .

    
27.01.2016 / 18:28
1

I know it's been a long time, but I wanted to comment to understand the difference between "==" and "===", hence "!=" and "! =="

When we use validation of type ===, it equals strictly equal, what this means, in addition to the value of the variable having to be equal the type must also be the same, eg:

Ex:

$id_cliente === 1 

In this case, if your variable is a string, it would give error, because it is comparing a value with a variable that expects a string.

If so, the comparison should look like this:

$id_cliente === "1"
    
04.12.2017 / 23:46