php - Restrict route access to non-admin users -


goal

i'm trying create admin route restriction log-in users. i've tried check see if user log-in, , if user type admin, , if are, want allow them access admin route, otherwise, respond 404.

routes.php

<!-- route group --> $router->group(['middleware' => 'auth'], function() {       <!-- no restriction -->     route::get('dashboard','welcomecontroller@index');      <!-- admin -->     if(auth::check()){         if ( auth::user()->type == "admin" ){              //report             route::get('report','reportcontroller@index');             route::get('report/create', array('as'=>'report.create', 'uses'=>'reportcontroller@create'));             route::post('report/store','reportcontroller@store');             route::get('report/{id}', array('before' =>'profile', 'uses'=>'reportcontroller@show'));             route::get('report/{id}/edit', 'reportcontroller@edit');             route::put('report/{id}/update', array('as'=>'report.update', 'uses'=>'reportcontroller@update'));             route::delete('report/{id}/destroy',array('as'=>'report.destroy', 'uses'=>'reportcontroller@destroy'));          }     }  });

result

it's not working intended. throws 404 error - admin users.

you can use middleware simple case.

  1. create middleware:
php artisan make:middleware adminmiddleware 
namespace app\http\middleware;  use app\article; use closure; use illuminate\contracts\auth\guard;  class adminmiddleware {     /**      * guard implementation.      *      * @var guard      */     protected $auth;      /**      * create new filter instance.      *      * @param  guard  $auth      * @return void      */     public function __construct(guard $auth)     {         $this->auth = $auth;     }      /**      * handle incoming request.      *      * @param  \illuminate\http\request  $request      * @param  \closure  $next      * @return mixed      */     public function handle($request, closure $next)     {         if ($this->auth->getuser()->type !== "admin") {             abort(403, 'unauthorized action.');         }          return $next($request);     } }
  1. add app\http\kernel.php:
protected $routemiddleware = [     'admin' => 'app\http\middleware\adminmiddleware', ];
  1. use middleware in routes:
route::group(['middleware' => ['auth', 'admin']], function() {     // routes });

Comments

Post a Comment

Popular posts from this blog

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get...
Read more

php - Bypass Geo Redirect for specific directories -

i'm trying bypass redirect specific url within site. wondering if might able help. the code below code use, original urls replaces example.com i'd able access http://example.com/admin without redirect occuring. is there way this, , there way using own ip? function country_geo_redirect() { $country = getenv('http_geoip_country_code'); if ($country == "us" ) { wp_redirect("http://usa.example.com/"); exit; } else if ($country == "gb" ) { wp_redirect("http://uk.example.com/"); exit; } } add_action('init', 'country_geo_redirect'); you can bypass redirection code if server found ip address. if ip address == <my ip address> ' nothing here else country_georedirect() end if
Read more

php - .htaccess mod_rewrite for dynamic url which has domain names -

i want convert url ex:( example.com/link.php?url=facebook.com ) ( example.com/facebook.com.php ) how can using .htaccess. or there other process make job easier ? i tried adding script .htaccess file options +followsymlinks rewriteengine on rewriterule url-(.*)\.htm$ link.php?url=$1 but converting url adding "url-" ( example.com/url-facebook.com.php ) i want remove "url-" , want make ( example.com/facebook.com.php ) rewriteengine on rewritecond %{the_request} ^get.*link\.php\?url\= [nc] rewritecond %{request_uri} !/system/.* [nc] rewriterule (.*?)link\.php\?url\=/*(.*) /$1$2 [r=301,ne,l] not sure how above work edit of used use remove index.php url
Read more