I'm using Laravel 8 and I want to apply a middleware to check if the user has is_staff or is_superuser set to 1; then he can access the admin Dashboard, otherwise he wouldn't be able to access it.
To do this I created this:
    public function handle($request, Closure $next)
    {
        if (Auth::check()) {
            if (auth()->user()->isSuperUser() || $request->user()->isStaffUser()) {
                return $next($request);
            } else {
                return redirect('/home');
            }
        } else {
            return redirect('/');
        }
    }

Now the problem is that it returns redirect('/'); which means the middleware doesn't recognize that the user is logged in, but he is already logged in.
I have registered the middleware like this:
    protected $routeMiddleware = [
        ...
        'auth.admin' => \App\Http\Middleware\AdminAuthenticated::class,
    ];

and applied it to my admin route (RouteServiceProvider.php):

    public function boot()
    {
        $this->configureRateLimiting();

        $this->routes(function () {
            ...
            Route::middleware('auth.admin')
                ->namespace($this->namespace)
                ->prefix('admin')
                ->group(base_path('routes/web/admin.php'));
        });
    }
This is the admin.php route:

    Route::get('/', function () {
        return view('admin.master');
    });

So what's the problem here? How can I solve this problem?
P粉354602955 2024-03-26 21:14:39
You're not showing the entire route file, but I bet your user will never be logged in.
You may be applying:

    Route::middleware('auth.admin')
        ->namespace($this->namespace)
        ->prefix('admin')
        ->group(base_path('routes/web/admin.php'));

to all admin routes. So you have the login form, and when you fill in the login data, the user hits some endpoint which also has this middleware applied, so it never reaches your controller where the user is actually logged in, because the middleware redirects back to /.
All routes except login/password reminder should have the middleware applied, otherwise login will not be possible.
P粉797004644 2024-03-26 20:56:59
I think you also need to add the web middleware to the admin route.

    public function boot()
    {
        $this->configureRateLimiting();

        $this->routes(function () {
            ...
            Route::middleware(['web', 'auth.admin'])
                ->namespace($this->namespace)
                ->prefix('admin')
                ->group(base_path('routes/web/admin.php'));
        });
    }
Auth::check() tries to get the currently logged-in user from the session.
The web middleware group activates the session; it applies a bunch of middleware:

    // app/Http/Kernel.php
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

Without the web middleware, sessions will not be available.
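
A plain-PHP model of the ordering issue described in the answer above, added here as an illustration and not part of the original thread: the same logged-in request is run through an admin check with no session layer, with a session layer before it, and with the two in the wrong order. The pipeline, the `$sessionStore` array, the cookie value and the `runPipeline` helper are simplified assumptions, not Laravel's implementation.

```php
<?php
// Simplified model of a middleware pipeline (assumption: not Laravel internals).
// Constructed sample data: one server-side session keyed by cookie value.
$sessionStore = [
    'sess-abc' => ['user' => ['name' => 'alice', 'is_staff' => 1, 'is_superuser' => 0]],
];

// Stand-in for StartSession in the 'web' group: loads the session for the cookie.
$startSession = function (array $request, callable $next) use ($sessionStore) {
    $request['session'] = $sessionStore[$request['cookie'] ?? ''] ?? [];
    return $next($request);
};

// Stand-in for the question's AdminAuthenticated middleware.
$adminAuth = function (array $request, callable $next) {
    // The session guard can only find a user if a session was loaded earlier.
    $user = $request['session']['user'] ?? null;
    if ($user === null) {
        return 'redirect /';            // treated as a guest
    }
    if ($user['is_superuser'] == 1 || $user['is_staff'] == 1) {
        return $next($request);
    }
    return 'redirect /home';            // logged in, but not staff or superuser
};

// Run $request through $middleware in the given order, then the route handler.
function runPipeline(array $middleware, array $request): string
{
    $handler = function (array $request) {
        return 'view admin.master';
    };
    foreach (array_reverse($middleware) as $layer) {
        $next = $handler;
        $handler = function (array $request) use ($layer, $next) {
            return $layer($request, $next);
        };
    }
    return $handler($request);
}

$request = ['cookie' => 'sess-abc'];    // the same logged-in browser in every run

echo runPipeline([$adminAuth], $request), PHP_EOL;                 // no session layer
echo runPipeline([$startSession, $adminAuth], $request), PHP_EOL;  // session first
echo runPipeline([$adminAuth, $startSession], $request), PHP_EOL;  // wrong order
```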