Rubberduck1337106092

Reputation: 1344

Laravel Routing Multi level users with middleware

Hello, I have 2 levels of users:

1. Super admin, who is able to see and do everything
2. TD, who is able to only see stuff and not change anything

I made 2 middleware: 1 auth.superadmin and 1 auth.td

My routes:

Route::group(['middleware' => ['auth.superadmin']], function() {
    Route::get('/users/{id}/destroy', 'UsersController@destroy');
    Route::get('/searchuser', 'UsersController@searchuser');
    Route::get('/users/create-worker', 'UsersController@getcreateworker');
    Route::post('/users/post-create-worker', 'UsersController@postcreateworker');
    Route::get('/users/create-agent', 'UsersController@getcreateagent');
    Route::post('/users/post-create-agent', 'UsersController@postcreateagent');
    Route::get('/users-optima', 'UsersController@indexoptima');
    Route::resource('/users', 'UsersController');
    Route::patch('/retours/{id}/postupdatefill','RetoursController@postupdatefill');
    Route::get('/retours/{retourid}/addpart/{partid}','RetoursController@addpart');
    Route::get('/retours/{retourid}/remove/{partid}','RetoursController@removepart');
    Route::post('/retours/{retourid}/garantie','RetoursController@postonderdeelgarantie');
    Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
    Route::get('/searchpart', 'PartsController@searchpart');
    Route::resource('/parts', 'PartsController');
});

Route::group(['middleware' => ['auth.td']], function() {
    Route::get('/users/{id}/destroy', 'UsersController@destroy');
    Route::get('/searchuser', 'UsersController@searchuser');

    Route::resource('/users', 'UsersController',
        ['only' => ['index']]);

    Route::patch('/retours/{id}/postupdatefill','RetoursController@postupdatefill');
    Route::get('/retours/{retourid}/addpart/{partid}','RetoursController@addpart');
    Route::get('/retours/{retourid}/remove/{partid}','RetoursController@removepart');
    Route::post('/retours/{retourid}/garantie','RetoursController@postonderdeelgarantie');
    Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
    Route::get('/searchpart', 'PartsController@searchpart');
    Route::resource('/parts', 'PartsController');
});

My middleware: superadmin

if (auth()->check() && auth()->user()->level == 1) {
    return $next($request);
}
return abort(404, 'no entry to this page');

TD

if (auth()->check() && auth()->user()->level == 2) {
    return $next($request);
}
return abort(404, 'no entry to this page');

I tried beginning with /Users. TD can only see the index at /Users.

When I do it this way, the auth.superadmin cannot see index@/users...


Am I doing it wrong?

Any help is appreciated.

Upvotes: 2

Views: 867

Answers (1)

Saumya Rastogi

Reputation: 13709

You can modify your routes and its groups like this:

Route::group(['middleware' => ['auth.td']], function() {
    Route::get('/users/{id}/destroy', 'UsersController@destroy');
    Route::get('/searchuser', 'UsersController@searchuser');
    Route::resource('/users', 'UsersController',['only' => ['index']]);
    Route::patch('/retours/{id}/postupdatefill','RetoursController@postupdatefill');
    Route::get('/retours/{retourid}/addpart/{partid}','RetoursController@addpart');
    Route::get('/retours/{retourid}/remove/{partid}','RetoursController@removepart');
    Route::post('/retours/{retourid}/garantie','RetoursController@postonderdeelgarantie');
    Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
    Route::get('/searchpart', 'PartsController@searchpart');
    Route::resource('/parts', 'PartsController');

    Route::group(['middleware' => ['auth.superadmin']], function() {
        Route::get('/users/{id}/destroy', 'UsersController@destroy');
        Route::get('/searchuser', 'UsersController@searchuser');
        Route::get('/users/create-worker', 'UsersController@getcreateworker');
        Route::post('/users/post-create-worker', 'UsersController@postcreateworker');
        Route::get('/users/create-agent', 'UsersController@getcreateagent');
        Route::post('/users/post-create-agent', 'UsersController@postcreateagent');
        Route::get('/users-optima', 'UsersController@indexoptima');
        Route::resource('/users', 'UsersController');
        Route::patch('/retours/{id}/postupdatefill','RetoursController@postupdatefill');
        Route::get('/retours/{retourid}/addpart/{partid}','RetoursController@addpart');
        Route::get('/retours/{retourid}/remove/{partid}','RetoursController@removepart');
        Route::post('/retours/{retourid}/garantie','RetoursController@postonderdeelgarantie');
        Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
        Route::get('/searchpart', 'PartsController@searchpart');
        Route::resource('/parts', 'PartsController');
    });
});

and your auth:td middleware should be like this:

if (auth()->check() && (auth()->user()->level == 1 || auth()->user()->level == 2)) {
  return $next($request);
}
return abort(404, 'no entry to this page');

Just for your knowledge, you can remove the outer middleware (auth:td), as both users can use the routes under it. But I haven't done that because I think you have more users in your system.

Hope this helps!

Upvotes: 3
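
An added example, not part of the question or the answer: a stand-alone PHP model of why the question's layout locks the super admin out of `/users`. Laravel keeps one route per HTTP method and URI, so the later `auth.td` registration replaces the earlier `auth.superadmin` one. The `register` and `dispatch` helpers and the route tables are constructed for illustration and are not Laravel APIs.

```php
<?php
// Constructed model, not Laravel code: one entry per "METHOD URI", and a later
// registration with the same key replaces the earlier one, as in Laravel.
function register(array &$table, array &$shadowed, $method, $uri, array $levels)
{
    $key = $method . ' ' . $uri;
    if (isset($table[$key]) && $table[$key] !== $levels) {
        // Same endpoint declared twice with different access rules.
        $shadowed[$key] = ['lost' => $table[$key], 'kept' => $levels];
    }
    $table[$key] = $levels;
}

// Mirrors the page's middleware: 404 unless the user's level is allowed.
function dispatch(array $table, $method, $uri, $userLevel)
{
    $key = $method . ' ' . $uri;
    $allowed = isset($table[$key]) && in_array($userLevel, $table[$key], true);
    return $allowed ? 200 : 404;
}

// Layout from the question: auth.superadmin group first, auth.td group second.
$table = [];
$shadowed = [];
register($table, $shadowed, 'GET', '/users', [1]);
register($table, $shadowed, 'GET', '/users/{id}/destroy', [1]);
register($table, $shadowed, 'GET', '/users', [2]);
register($table, $shadowed, 'GET', '/users/{id}/destroy', [2]);

// Level 1 is now checked against the level-2 rule on /users.
echo 'superadmin GET /users: ', dispatch($table, 'GET', '/users', 1), "\n";
// The read-only TD level can reach the destroy route.
echo 'TD GET destroy: ', dispatch($table, 'GET', '/users/{id}/destroy', 2), "\n";
// Audit output: every endpoint whose first rule was silently replaced.
echo 'shadowed: ', implode(', ', array_keys($shadowed)), "\n";

// Each endpoint declared once, listing the levels allowed to reach it.
$fixed = [];
$none = [];
register($fixed, $none, 'GET', '/users', [1, 2]);           // viewing: both levels
register($fixed, $none, 'GET', '/users/{id}/destroy', [1]); // changing: level 1 only
foreach ([1, 2] as $level) {
    echo "level $level GET /users: ", dispatch($fixed, 'GET', '/users', $level), "\n";
    echo "level $level GET destroy: ",
        dispatch($fixed, 'GET', '/users/{id}/destroy', $level), "\n";
}
```

In a real Laravel application, `php artisan route:list` shows which middleware ended up attached to each URI after all groups are registered.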
