Neeraj

Reputation: 41

Laravel Middleware with other than user()

Can we use Middleware with something other than the user() method? I mean... in almost every example or explanation they use $request->user() to check the user's permissions.

However, I want to check the user's permission in another table, like $request->category(). There I want to check whether the user is the Owner of that particular category or not. On this basis, the Owner of that category can move around the various sections (controllers) within that category, else he will be restricted from that.

Is it possible in Middleware?

============ HERE IS A BETTER EXPLANATION ================

Suppose I own a Group (with Access_Specify> 0:Public, 1:Member, 2:Only Me). Now other users may or may not subscribe to this group to become member/public to this Group. Besides all this, the Group has sub-sections like Albums, Pages, Post etc.

Now, what I want here is to check the incoming user's privileges in 2 tables before heading into this group. First in Group (via Access_Specify), then second in GroupMember, to see whether the incoming user is a member of that Group or not.

Case-Condition: If Group's Access_Specify set to 1 (Member Access) then only members (+Owner of that group) are allowed to get into that Group.

Group (Access_Specify= 0:Public, 1:Member, 2:Only Me) && GroupMember (UserStatus= 0:PendingForApproval, 1:JoinedAsMember)

if( Above condition is true ){

} else { Throw User Out With Error - Exception }

====================================

In any case I don't want to put this condition in Controllers because... I can't put and check things again and again in every sub-section (controller). I want a solution like Middleware does: to check the user and only then process the request.

Upvotes: 1

Views: 624

Answers (1)

adevade

Reputation: 29

Using Gates

For simple stuff, you can write Gates. They are typically defined in an application Service Provider, such as the AuthServiceProvider.

Example

In the boot() method of your Service Provider, you can define gates that will check if a given $user owns the given $category:

Defining the Gate

Gate::define('update-category', function ($user, $category) {
    return $user->id == $category->user_id;
});

The $user is a required argument that is automatically passed by Laravel when the Gate is used, and you may pass any additional arguments you need to check against.

Using the Gate

When you need to check if the user owns the category, simply call:

if (Gate::allows('update-category', $category)) {
    // The current user can update the category...
}

or

if (Gate::denies('update-category', $category)) {
    // The current user can't update the category...
}

You can find more information about Gates in the official documentation for authorization.

Using Policies

For more advanced authorization, it's probably more suitable to use Policies. Policies are classes that organize authorization logic around a particular model or resource.

So you could create a CategoryPolicy where you create all your checks and register it in the $policies array in your AuthServiceProvider.

This way you have a handful of options on how and when you would like to call this policy.

  • Via the User model
  • Via Middleware
  • Via Controller helpers
  • Via Blade templates

Again, the official documentation about registering and using Policies does a wonderful job of explaining all of this.

Upvotes: 2
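
The check described in the question, written as a route middleware so that it runs before every sub-section controller. This is an added example, not code from the question, the answer or the Laravel documentation; the model names (Group, GroupMember), the column names (user_id, access_specify, group_id, user_status) and the {group} route parameter are assumptions.

```php
<?php
// Added example. Assumed: App\Models\Group and App\Models\GroupMember exist,
// with columns user_id, access_specify, group_id and user_status, and the
// route has a {group} parameter resolved by route model binding.

namespace App\Http\Middleware;

use App\Models\Group;
use App\Models\GroupMember;
use Closure;
use Illuminate\Http\Request;

class EnsureGroupAccess
{
    private const ACCESS_PUBLIC = 0;
    private const ACCESS_MEMBER = 1; // 2 (Only Me) falls through to the default deny
    private const STATUS_JOINED = 1; // 0 (PendingForApproval) does not count as a member

    public function handle(Request $request, Closure $next)
    {
        $group = $request->route('group');
        $user  = $request->user();
        // Fail closed: no bound group or no logged-in user means no access.
        abort_unless($group instanceof Group && $user !== null, 403);
        abort_unless($this->mayEnter($user->getAuthIdentifier(), $group), 403);

        return $next($request);
    }

    private function mayEnter($userId, Group $group): bool
    {
        if ((int) $group->user_id === (int) $userId) {
            return true; // the owner passes at every access level
        }
        switch ((int) $group->access_specify) {
            case self::ACCESS_PUBLIC:
                return true;
            case self::ACCESS_MEMBER:
                return GroupMember::where('group_id', $group->getKey())
                    ->where('user_id', $userId)
                    ->where('user_status', self::STATUS_JOINED)
                    ->exists();
            default:
                return false; // Only Me, or any unexpected value
        }
    }
}
```

Attach the class to the route group that wraps every sub-section of a group (for example a group with the prefix groups/{group} and the middleware list ['auth', EnsureGroupAccess::class]), so that a new controller added under that prefix inherits the check instead of having to repeat it.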
