Laravel middleware with multiple roles
You should't have a separate middleware for each role. It will get very messy very fast. It would be better to have a single role checking middleware that can check against any role passed to it.
Http\Kernel.php
protected $routeMiddleware = [
...
'role' => \App\Http\Middleware\Role::class,
];
Http\Middleware\Role.php
public function handle($request, Closure $next, ... $roles)
{
if (!Auth::check()) // I included this check because you have it, but it really should be part of your 'auth' middleware, most likely added as part of a route group.
return redirect('login');
$user = Auth::user();
if($user->isAdmin())
return $next($request);
foreach($roles as $role) {
// Check if user has the role This check will depend on how your roles are set up
if($user->hasRole($role))
return $next($request);
}
return redirect('login');
}
Finally in your web routes
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role:editor,approver');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('role:admin');
Laravel middleware multiple roles
The problem is that your adminUser
will have to go through the masterAdminUser
Middleware that return back();
. Therefore your adminUser
will not have a chance to go through the admin Middleware and not be able to access the Categories.
A solution for this would be to handle your role management in a single middleware, for example, a CategoryMiddleware
. This middleware will check the role and return back();
only if not allowed
A cleaner Laravel solution would be to use Policies, that seems very suited for your situation - you can have a look at the documentation.
How to add multiple roles to a route group laravel
This is what I did in my CheckRole Middleware
public function handle($request, Closure $next) {
// I'm using the api guard
$role = strtolower( request()->user()->type );
$allowed_roles = array_slice(func_get_args(), 2);
if( in_array($role, $allowed_roles) ) {
return $next($request);
}
throw new AuthenticationException();
}
And in my router file
Route::group(["middleware" => "role:admin,worker"], function() {
});
This might not be the perfect solution, at least it works for me.
Laravel 8: Middleware Roles
In addition to the solution given by @nagidi, you can update the middleware
handle condition to check either account_type
is profile or business.
public function handle($request, Closure $next, $type)
{
if (Auth::user() && Auth::user()->account_type == $type) {
return $next($request);
}
abort(403, 'Unauthorized action.');
}
Route::get('/business-profile', ['middleware' => 'accType:business', function () {
//
}]);
Route::get('/profile', ['middleware' => 'accType:profile', function () {
//
}]);
Laravel how to add middleware to controller with multiple roles?
The problem is that you have attached the middleware to view endpoint with 'role:organizer' twice in the first time it only check is user has role organizer and it doing redirect and it's not going check the second time so to exclude this behavior you should attache middlewares like this
$this->middleware(['auth', 'verified', 'onboarding']);
$this->middleware(['role:artist,organizer'])->only('view');
$this->middleware('role:organizer')->except('view');// because it already added above
Middleware on route level based on multiple user roles
You need to implement one middleware and pass user types to it.
Route::group(['middleware' => ['check_user_type:type_1,type_2']], function () {
Route::get('url-1', 'XYZController@someMethod');
});
Take a look how similar logic implemented in spatie/laravel-permission role middleware.
Route::group(['middleware' => ['role:super-admin|writer']], function () {
//
});
Middleware then explodes roles string by the separator, and then check if the current user has any of the roles.
Multi user role in laravel 8
In the User Model you have to define the role relationship.
Put this to your User Model:
public function role()
{
return $this->belongsTo(Role::class, 'user_role_id');
}
Of course you have to have the Role model, but I guess you already have that
public function handle(Request $request, Closure $next)
{
if(!Auth::check()){
return redirect()->route('login.user')->with('error', 'Please login first');
}
if(Auth::user()->role->user_type == 'admin'){
return $next($request);
}
if(Auth::user()->role->user_type == 'user'){
return redirect()->route('user.dashboard');
}
}
Another solution could be without relationship just like this:
public function handle(Request $request, Closure $next)
{
if(!Auth::check()){
return redirect()->route('login.user')->with('error', 'Please login first');
}
if(Auth::user()->user_role_id == 1){
return $next($request);
}
if(Auth::user()->user_role_id == 2){
return redirect()->route('user.dashboard');
}
}
How you can use 2 roles on 1 route?
As documentation says
you can separate multiple roles or permission with a | (pipe) character:
Route::group(['middleware' => ['role:super-admin|writer']], function () {
//
});
Related Topics
PHP Float with 2 Decimal Places: .00
Write CSV to File Without Enclosures in PHP
PHP PDF Template Library with PDF Output
Install PHP-Mcrypt on Centos 6
Laravel Middleware Return Variable to Controller
Using Scandir() to Find Folders in a Directory (Php)
Limit Download Speed Using PHP
Is Header('Content-Type:Text/Plain'); Necessary at All
Laravel Eager Loading - Load Only Specific Columns
Using Utf8Mb4 with PHP and MySQL
Installing the PHP 7 Mongodb Client/Driver
Reverse Order of Foreach List Items
Laravel - Decryptexception: 'The MAC Is Invalid'
Differencebetween Switch-Case and If-Else in PHP
Mysqli Prepared Statement Num_Rows Returns 0 While Query Returns Greater Than 0