How to Protect the admin Panel in Laravel 5.2

Question

I have created an eCommerace Application which has admin panel and userview( store for products ) , I want admin to access admin panel while other users to access only specific URLs and products details etc. I have installed Authentication to my Application via php artisan make:auth and it is working fine but what I want to do is now apply a filter which will show admin panel to ADMIN only and store will be displayed to other users.

I have declared a Boolean field in my database which will hold value 0 by default for common users and will hold 1 for admins.

Migrations:

Schema::create('users', function (Blueprint $table) {
            $table->increments('id');
            $table->string('name');
            $table->string('email')->unique();
            $table->string('password', 60);
            $table->boolean('admin')->default(0);
            $table->rememberToken();
            $table->timestamps();
});

AuthController:

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    /**
     * Where to redirect users after login / registration.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => 'logout']);
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }
}

            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|confirmed|min:6',
        ]);
    }

Answer 1

As @AnowarCst said. Use the middleware.

in project root:

php artisan make:middleware Admin

open the new file App/Http/Middleware/Admin.php.

In handle() method add:

    if ( Auth::check() && Auth::user()->isAdmin() )
    {
        return $next($request);
    }

    return redirect('/');

Open App/Http/Kernel.php and add following into the $routeMiddleware array:

    'admin' => \App\Http\Middleware\Admin::class,

Open user model: App/User.php

add

/**
 * Check if user is admin.
 *
 * @return bool
 */
public function isAdmin()
{
     return $this->admin;
} 

Now you can use the middleware in the routes.php file as:

Route::get('/uri-that-users-will-see', ['middleware' => ['auth','admin'], 'as' => 'your-route-name', 'uses' => 'YourController@yourMethod']);

This was mostly from the head so please report if I skipped something or there's an error.