php - Restrict route access to non-admin users -


goal

i'm trying create admin route restriction log-in users. i've tried check see if user log-in, , if user type admin, , if are, want allow them access admin route, otherwise, respond 404.

routes.php

<!-- route group --> $router->group(['middleware' => 'auth'], function() {       <!-- no restriction -->     route::get('dashboard','welcomecontroller@index');      <!-- admin -->     if(auth::check()){         if ( auth::user()->type == "admin" ){              //report             route::get('report','reportcontroller@index');             route::get('report/create', array('as'=>'report.create', 'uses'=>'reportcontroller@create'));             route::post('report/store','reportcontroller@store');             route::get('report/{id}', array('before' =>'profile', 'uses'=>'reportcontroller@show'));             route::get('report/{id}/edit', 'reportcontroller@edit');             route::put('report/{id}/update', array('as'=>'report.update', 'uses'=>'reportcontroller@update'));             route::delete('report/{id}/destroy',array('as'=>'report.destroy', 'uses'=>'reportcontroller@destroy'));          }     }  });

result

it's not working intended. throws 404 error - admin users.

you can use middleware simple case.

  1. create middleware:
php artisan make:middleware adminmiddleware 
namespace app\http\middleware;  use app\article; use closure; use illuminate\contracts\auth\guard;  class adminmiddleware {     /**      * guard implementation.      *      * @var guard      */     protected $auth;      /**      * create new filter instance.      *      * @param  guard  $auth      * @return void      */     public function __construct(guard $auth)     {         $this->auth = $auth;     }      /**      * handle incoming request.      *      * @param  \illuminate\http\request  $request      * @param  \closure  $next      * @return mixed      */     public function handle($request, closure $next)     {         if ($this->auth->getuser()->type !== "admin") {             abort(403, 'unauthorized action.');         }          return $next($request);     } }
  1. add app\http\kernel.php:
protected $routemiddleware = [     'admin' => 'app\http\middleware\adminmiddleware', ];
  1. use middleware in routes:
route::group(['middleware' => ['auth', 'admin']], function() {     // routes });

Comments

Post a Comment

Popular posts from this blog

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get
Read more

php - .htaccess mod_rewrite for dynamic url which has domain names -

i want convert url ex:( example.com/link.php?url=facebook.com ) ( example.com/facebook.com.php ) how can using .htaccess. or there other process make job easier ? i tried adding script .htaccess file options +followsymlinks rewriteengine on rewriterule url-(.*)\.htm$ link.php?url=$1 but converting url adding "url-" ( example.com/url-facebook.com.php ) i want remove "url-" , want make ( example.com/facebook.com.php ) rewriteengine on rewritecond %{the_request} ^get.*link\.php\?url\= [nc] rewritecond %{request_uri} !/system/.* [nc] rewriterule (.*?)link\.php\?url\=/*(.*) /$1$2 [r=301,ne,l] not sure how above work edit of used use remove index.php url
Read more

Website Login Issue developed in magento -

i have website developed using magento . able login. right now, login failed. infact operations interacts user table failing. need know issue. how figure out? first clear try clear log file second make sure have not upgraded magento and 3rd make sure db accessible in magento -harry p
Read more