Viktor Erepanov

Reputation: 41

Laravel 4: How to protect group routes admins and users?

Good day! Please tell me how to split the routes for users and administrators, so that an authorized user lands on their home page and can move only to their own routes, and the admin lands on their page and can see only their routes. My routes.php file:

Route::get('/', array(
    'as' => 'home',
    'uses' => 'HomeController@home'
));

Route::group(array('before' => 'auth'), function(){

    Route::group(array('before' => 'csrf'), function(){

        Route::post('/account/change-password', array(
            'as' => 'account-change-password-post',
            'uses' => 'AccountController@postChangePassword'
        ));
    });

    Route::get('/account/change-password', array(
        'as' => 'account-change-password',
        'uses' => 'AccountController@getChangePassword'
    ));

    Route::get('/user/{username}', array(
        'as' => 'profile-user',
        'uses' => 'ProfileController@user'
    ));

    Route::get('/account/sign-out', array(
        'as' => 'account-sign-out',
        'uses' => 'AccountController@getSignOut'
    ));

});

Route::group(array('before' => 'admin'), function(){

    Route::get('/dashboard', array(
        'as' => 'dashboard',
        'uses' => 'TiketsController@dashboard'
    ));

    Route::get('/tiket-new', array(
        'as' => 'tiket-new',
        'uses' => 'TiketsController@tiketNew'
    ));

    Route::get('/tiket-work', array(
        'as' => 'tiket-work',
        'uses' => 'TiketsController@tiketWork'
    ));

    Route::get('/tiket-complete', array(
        'as' => 'tiket-complete',
        'uses' => 'TiketsController@tiketComplete'
    ));

    Route::get('/tiket-arhive', array(
        'as' => 'tiket-arhive',
        'uses' => 'TiketsController@tiketArhive'
    ));
});

Route::group(array('before' => 'user'), function(){

    Route::get('/user-dashboard', array(
        'as' => 'user-dashboard',
        'uses' => 'TiketsController@userDashboard'
    ));
});

My AccountController.php

public function postSignIn(){

    // Validate the submitted sign-in form
    $validator = Validator::make(Input::all(),
        array(
            'email'          => 'required|email',
            'password'       => 'required'
    ));

    if($validator->fails()){

        return Redirect::route('account-sign-in')
                ->withErrors($validator)
                ->withInput();
    } else {

        $remember = (Input::has('remember')) ? true : false;

        // Only active accounts may sign in
        $auth = Auth::attempt(array(
            'email' => Input::get('email'),
            'password' => Input::get('password'),
            'active' => 1
        ), $remember);

        if($auth){
            // Send each role to its own landing page
            if (Auth::user()->role==5) {

                return Redirect::intended('/dashboard');
            }
            if (Auth::user()->role==1) {

                return Redirect::intended('/user-dashboard');
            }

        } else {
            return Redirect::route('account-sign-in')
                ->with('global', 'Error');
        }
    }
}

Unfortunately, with these routes admins and users can see each other's pages. Please tell me, in as much detail as possible, how to distinguish between different groups of users.

Upvotes: 0

Views: 186

Answers (1)

Ted

Reputation: 4166

You can use

Route::filter('pattern: admin/*', 'auth')

This matches patterns like

admin/cpanel
admin/dir/path/...

. . .

and

Route::filter('pattern: user/*', 'auth2')

Upvotes: 1
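
An added example, not part of the question or the answer: the question's routes.php references `admin` and `user` filters that are never defined on the page, so this sketch shows one way to enforce the role check server-side with a single parameterized Laravel 4 filter. The filter name `role` is hypothetical, the role values 5 (admin) and 1 (user) are taken from the question's postSignIn(), and `account-sign-in` is assumed to be the named GET route of the sign-in form.

```php
<?php
// app/filters.php (added example; uses the Laravel 4 filter API)

// Hypothetical parameterized filter: 'role:5' lets through only users
// whose `role` column equals 5. The values 5 (admin) and 1 (user) are
// the ones compared in the question's postSignIn().
Route::filter('role', function ($route, $request, $required) {
    if (Auth::guest()) {
        // Not signed in: remember the requested URL, go to the sign-in form.
        return Redirect::guest(URL::route('account-sign-in'));
    }

    // Cast both sides: the database driver may return the column as a string.
    if ((int) Auth::user()->role !== (int) $required) {
        // Signed in with the wrong role: refuse rather than redirect.
        App::abort(403, 'Forbidden');
    }

    // Returning nothing lets the request continue to the controller.
});

// app/routes.php: each group names the role it requires.
Route::group(array('before' => 'role:5'), function () {
    Route::get('/dashboard', array(
        'as'   => 'dashboard',
        'uses' => 'TiketsController@dashboard',
    ));
    // The remaining admin-only tiket-* routes from the question go here.
});

Route::group(array('before' => 'role:1'), function () {
    Route::get('/user-dashboard', array(
        'as'   => 'user-dashboard',
        'uses' => 'TiketsController@userDashboard',
    ));
});
```

The check has to live in a route filter because `Redirect::intended()` in postSignIn() sends a freshly signed-in user back to whatever URL was stored before login, which can be an admin URL for a role-1 account; the redirect after sign-in is navigation, not access control.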
