iori

Reputation: 3506

How to restrict routes in Laravel 4?

I have 2 types of user:

  1. Admin
  2. Not Admin

Admin will get full access, whereas Not Admin will only get the index.

Here are my routes

 Route::get('users','UserController@index');
 Route::get('users/create', array('as'=>'users.create', 'uses'=>'UserController@create'));
 Route::post('users/store','UserController@store');
 Route::get('users/{id}', array('before' =>'profile', 'uses'=>'UserController@show'));
 Route::get('users/{id}/edit', 'UserController@edit');
 Route::put('users/{id}/update', array('as'=>'users.update', 'uses'=>'UserController@update'));
 Route::delete('users/{id}/destroy',array('as'=>'users.destroy', 'uses'=>'UserController@destroy'));

How do I make a restriction so that Admin will get full access, whereas Not Admin will only get access to the index?

Upvotes: 0

Views: 622

Answers (3)

Steve Bauman

Reputation: 8688

To elaborate on @ceejayoz's answer with an example:

/*
 * Check if user is logged in
 */
Route::filter('auth', function(){

    if(!Auth::check()){

        return Redirect::to('login')->with('message', 'You must be logged in');

    }

});

/*
 * Check if the logged in users group name is 'admin'
 */
Route::filter('admin', function(){

    if(Auth::user()->group->name != 'admin'){

        return Redirect::to('home')->with('message', 'You do not have access to this');

    }

});


//Users must be logged in to access these routes
Route::group(array('before'=>'auth'), function(){

    Route::get('users','UserController@index');

    //Users must be an administrator to access these routes
    Route::group(array('before'=>'admin'), function(){

        Route::get('users/create', array('as'=>'users.create', 'uses'=>'UserController@create'));
        Route::post('users/store','UserController@store');
        Route::get('users/{id}', array('before' =>'profile', 'uses'=>'UserController@show'));
        Route::get('users/{id}/edit', 'UserController@edit');
        Route::put('users/{id}/update', array('as'=>'users.update', 'uses'=>'UserController@update'));
        Route::delete('users/{id}/destroy',array('as'=>'users.destroy', 'uses'=>'UserController@destroy'));

    });

});

Upvotes: 0
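
A regression check for the nested `auth`/`admin` groups in the answer above, as an added example that is not part of the original answers. It assumes Laravel 4's bundled `TestCase`, hypothetical Eloquent models `User` and `Group` (with a `group` relation on `User`), and uses `1` as a placeholder id.

```php
<?php
// Added example: app/tests/UserRouteAccessTest.php (file name is an assumption).
// Relies on the 'auth' and 'admin' filters and the route groups shown above.

class UserRouteAccessTest extends TestCase {

    public function setUp()
    {
        parent::setUp();
        // Laravel 4 disables route filters in the testing environment;
        // without this call every request would skip 'auth' and 'admin'.
        Route::enableFilters();
    }

    // Every route placed inside the 'admin' group in the answer above.
    public function adminOnlyRoutes()
    {
        return array(
            array('GET',    'users/create'),
            array('POST',   'users/store'),
            array('GET',    'users/1'),
            array('GET',    'users/1/edit'),
            array('PUT',    'users/1/update'),
            array('DELETE', 'users/1/destroy'),
        );
    }

    /** @dataProvider adminOnlyRoutes */
    public function testGuestIsSentToLogin($method, $uri)
    {
        $this->call($method, $uri);
        $this->assertRedirectedTo('login');
    }

    /** @dataProvider adminOnlyRoutes */
    public function testNonAdminIsSentHome($method, $uri)
    {
        // Constructed in-memory user; nothing is written to the database.
        $group = new Group;          // hypothetical model
        $group->name = 'member';
        $user = new User;            // hypothetical model implementing UserInterface
        $user->setRelation('group', $group);
        $this->be($user);

        $this->call($method, $uri);
        $this->assertRedirectedTo('home');
    }
}
```

Because the data provider lists each verb and URI explicitly, a route later added outside the `admin` group shows up as a missing row rather than passing silently.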

user4287698

Reputation:

Add this to your filters.php

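Route::filter('admin', function()
{
    // Let the request through only for a logged-in Admin
    if (Auth::check() && Auth::user()->type == "Admin") // Change this to match your !
    {
        return;
    }

    // Everyone else is refused: AJAX callers get a bare response, browsers the error view
    if (Request::ajax())
    {
        return Response::make('Unauthorized', 404);
    }

    return View::make('error'); // Need to have this view !
});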

Then try this on your routes.php

Route::group(array('before'=>'admin'), function() {

    //Users
    Route::get('users','UserController@index');
    Route::get('users/create', array('as'=>'users.create', 'uses'=>'UserController@create'));
    Route::post('users/store','UserController@store');
    Route::get('users/{id}', array('before' =>'profile', 'uses'=>'UserController@show'));
    Route::get('users/{id}/edit', 'UserController@edit');
    Route::put('users/{id}/update', array('as'=>'users.update', 'uses'=>'UserController@update'));
    Route::delete('users/{id}/destroy',array('as'=>'users.destroy', 'uses'=>'UserController@destroy'));

});

Repeat for if (Auth::user()->type != "Admin")

Upvotes: 2

ceejayoz

Reputation: 180157

You would use a route filter that checks their permission level.

Upvotes: 1
