Laravel Middleware with Multiple Roles

Laravel middleware with multiple roles

You should't have a separate middleware for each role. It will get very messy very fast. It would be better to have a single role checking middleware that can check against any role passed to it.

Http\Kernel.php

protected $routeMiddleware = [
    ...
    'role' => \App\Http\Middleware\Role::class,
];

Http\Middleware\Role.php

public function handle($request, Closure $next, ... $roles)
{
    if (!Auth::check()) // I included this check because you have it, but it really should be part of your 'auth' middleware, most likely added as part of a route group.
        return redirect('login');

    $user = Auth::user();

    if($user->isAdmin())
        return $next($request);

    foreach($roles as $role) {
        // Check if user has the role This check will depend on how your roles are set up
        if($user->hasRole($role))
            return $next($request);
    }

    return redirect('login');
}

Finally in your web routes

Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role:editor,approver');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('role:admin');

Laravel middleware multiple roles

The problem is that your adminUser will have to go through the masterAdminUser Middleware that return back();. Therefore your adminUser will not have a chance to go through the admin Middleware and not be able to access the Categories.

A solution for this would be to handle your role management in a single middleware, for example, a CategoryMiddleware. This middleware will check the role and return back(); only if not allowed

A cleaner Laravel solution would be to use Policies, that seems very suited for your situation - you can have a look at the documentation.

How to add multiple roles to a route group laravel

This is what I did in my CheckRole Middleware

public function handle($request, Closure $next) {
    // I'm using the api guard
    $role = strtolower( request()->user()->type );
    $allowed_roles = array_slice(func_get_args(), 2);

    if( in_array($role, $allowed_roles) ) {
        return $next($request);
    }

    throw new AuthenticationException();
}

And in my router file

Route::group(["middleware" => "role:admin,worker"], function() {

});

---

This might not be the perfect solution, at least it works for me.

Laravel 8: Middleware Roles

In addition to the solution given by @nagidi, you can update the middleware handle condition to check either account_type is profile or business.

public function handle($request, Closure $next, $type)
    {

     if (Auth::user() &&  Auth::user()->account_type == $type) {
            return $next($request);
     }
      abort(403, 'Unauthorized action.');
    }

Route::get('/business-profile', ['middleware' => 'accType:business', function () {
    //
}]);
Route::get('/profile', ['middleware' => 'accType:profile', function () {
    //
}]);

Laravel how to add middleware to controller with multiple roles?

The problem is that you have attached the middleware to view endpoint with 'role:organizer' twice in the first time it only check is user has role organizer and it doing redirect and it's not going check the second time so to exclude this behavior you should attache middlewares like this

$this->middleware(['auth', 'verified', 'onboarding']);
$this->middleware(['role:artist,organizer'])->only('view');
$this->middleware('role:organizer')->except('view');// because it already added above

Middleware on route level based on multiple user roles

You need to implement one middleware and pass user types to it.

Route::group(['middleware' => ['check_user_type:type_1,type_2']], function () {
        Route::get('url-1', 'XYZController@someMethod');
    });

Take a look how similar logic implemented in spatie/laravel-permission role middleware.

Route::group(['middleware' => ['role:super-admin|writer']], function () {
    //
});

Middleware then explodes roles string by the separator, and then check if the current user has any of the roles.

Multi user role in laravel 8

In the User Model you have to define the role relationship.

Put this to your User Model:

    public function role()
    {
       return $this->belongsTo(Role::class, 'user_role_id');
    }

Of course you have to have the Role model, but I guess you already have that

public function handle(Request $request, Closure $next)
    {
        if(!Auth::check()){
            return redirect()->route('login.user')->with('error', 'Please login first');
        }

        if(Auth::user()->role->user_type == 'admin'){
            return $next($request);
        }

        if(Auth::user()->role->user_type == 'user'){
            return redirect()->route('user.dashboard');
        }
    }

Another solution could be without relationship just like this:

public function handle(Request $request, Closure $next)
    {
        if(!Auth::check()){
            return redirect()->route('login.user')->with('error', 'Please login first');
        }

        if(Auth::user()->user_role_id == 1){
            return $next($request);
        }

        if(Auth::user()->user_role_id == 2){
            return redirect()->route('user.dashboard');
        }
    }

How you can use 2 roles on 1 route?

As documentation says

you can separate multiple roles or permission with a | (pipe) character:

Route::group(['middleware' => ['role:super-admin|writer']], function () {
    //
});

---

Related Topics