CODEWITHSUNDEEP
phplaravel-5laravel-routing
Sachin Sharma
Sachin Sharma

Reputation: 417

Laravel Redirection doesn't work

I am using Laravel 5.1. My controller is specifically for admin users. So I check whether user is admin or not.This is my code.

public function getAdminData()
  {
    $this->checkAdminStatus();
    return response()->json(array('admin-data'));
  }
public function checkAdminStatus()
  {
    $userManager = new UserManager();
    if(!$userManager->isAdmin())
    {
        return redirect()->route('returnForbiddenAccess');
    }
  }

My route is 

Route::any('api/app/forbidden',['uses' =>'ErrorController@returnNonAdminErrorStatus','as'=>'returnForbiddenAccess']);

Now if user is not admin, then it should not return admin-data yet it returns. Shouldn't it stop processing logic after redirect()->route call? Also this is purely REST application.

Upvotes: 2

Views: 1218

Answers (2)

Jiedara
Jiedara

Reputation: 526

Why don't you use Laravel Middleware solution for your need ? You can link a middleware to your controller, checking if the current user is an administrator, and redirect if not :

//You Middleware Handle method
public function handle($request, Closure $next)
{
  if ($this->auth->guest() || !($this->auth->user()->isAdmin))
  {
        return redirect('your/url')->with('error','no admin');;
  }
return $next($request);
}

You can add on or multiple middleware for a controller in his construct method

//your controller
public function __construct(Guard $auth, Request $request){
    $this->middleware('auth', ['except' => ['index', 'show']]); //here one 'auth' middleware
    $this->middleware('admin', ['only' => ['index', 'show', 'create','store']]); //here the admin middleware
}

Notice the onlyand except parameters that allow or disallow the middleware for some controller methods

Check laravel documentation on Middleware for more information :)

Upvotes: 4

Jeff Lambert
Jeff Lambert

Reputation: 24671

No, your logic is slightly flawed. The return value you are sending back from checkAdminStatus() is simply being ignored and thrown away:

public function getAdminData()
{
    // You don't have $redirectValue in your code, but imagine it 
    // is there. To actually redirect, you need to return this value
    // from your controller method
    $redirectValue = $this->checkAdminStatus();

Nothing is being done with that redirect. The only time something is being returned from your controller is happening on every single request. I would suggest something more like this:

public function getAdminData(UserManager $userManager)
{
    if($userManager->isAdmin()) {
        return response()->json(array('admin-data'));
    }

    return redirect()->route('forbidden-access');
}

I think this captures the spirit of your question: the only time anything is being returned here is if the user is an admin.

As an aside, you are returning JSON data in one case, and a redirect in another. This may not be a very good idea. My reasoning is because, normally, JSON data is returned in response to AJAX requests, which in my experience are seldom followed up with an actual redirect in the event of failure. (YMMV)

Upvotes: 1

Related Questions