Reputation: 1626
I created a middleware which allows users only if they have the role client.
But when I use the middleware, it still lets users who don't have the client role access the routes.
public function handle($request, Closure $next)
{
    $user = \Auth::user();
    if ($user && $user->role = 'client') {
        return $next($request);
    }
    return redirect('home');
}
Here is my route. I did the same thing with other middleware, which works fine, but not this one.
Route::group(['middleware'=>['auth']],function(){
    Route::group(['middleware'=>['client']],function(){
        Route::get('/index',[
            'as' => 'index',
            'uses' => 'HomeController@showCandidates',
        ]);
    });
});
When the role is not client it shouldn't allow access to the route, but it does.
Edit: From Alexey's answer I changed my other middleware to use ==, and the question above is solved. But the middleware below restricts me from accessing the route even though my role is interviewer.
public function handle($request, Closure $next)
{
    $user = \Auth::user();
    if($user && $user->roles == 'interviewer'){
        return $next($request);
    }
    return redirect('home');
}
Here is my route
Route::group(['middleware'=>['auth','interviewer']],function(){
    Route::get('/candidates', [
        'uses' => 'candidateController@showProfile',
    ]);
});
What is the possible error I am making here? It works fine when = is used in the interviewer middleware and == is used in the client middleware, and does not work when done vice versa.
Upvotes: 1
Views: 610
Reputation: 3704
I found a nice convention called Yoda Conditions to avoid such issues in the future.
In your
if ($user && $user->role = 'client') {
    return $next($request);
}
Instead of doing
$user->role == 'client'
do
'client' == $user->role
The usefulness of this is that if you mistakenly type = instead of ==, $user->role doesn't get assigned the value client. So you could avoid unexpected behaviors.
Read more about To Yoda or Not to Yoda
Upvotes: 3
Reputation: 163758
Since you're checking the role, change this:
$user->role = 'client'
To this:
$user->role == 'client'
Upvotes: 3
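The following is an added example, not part of the question or either answer: it reproduces the role check outside Laravel to show why the `=` version admits every authenticated user and what the comparison version does instead. `DemoUser`, `handleAssign`, `handleCompare` and the string return values are hypothetical stand-ins for the framework's user model, middleware and responses; it assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the authenticated user; not Laravel's User model.
final class DemoUser
{
    public function __construct(public string $role) {}
}

// The check as posted in the question. "=" assigns 'client' to the role,
// and the assignment expression evaluates to the non-empty string 'client',
// which is truthy, so the branch is taken for any non-null user.
function handleAssign(?DemoUser $user, Closure $next): string
{
    if ($user && $user->role = 'client') {
        return $next($user);
    }
    return 'redirect:home';
}

// Comparison-based check. "===" also rules out PHP's loose type juggling,
// and the user object is left untouched.
// Written Yoda-style, the typo ('client' = $user->role) is a parse error,
// so the mistake cannot reach a running application.
function handleCompare(?DemoUser $user, Closure $next): string
{
    if ($user !== null && 'client' === $user->role) {
        return $next($user);
    }
    return 'redirect:home';
}

// Hypothetical "next" handler that reports the role it was reached with.
$next = fn (DemoUser $u): string => "allowed as {$u->role}";

// Case 1: an interviewer against the posted check.
$interviewer = new DemoUser('interviewer');
echo handleAssign($interviewer, $next), PHP_EOL;
// The in-memory role after the check has run (it was overwritten).
echo $interviewer->role, PHP_EOL;

// Case 2: the same inputs against the comparison-based check.
echo handleCompare(new DemoUser('interviewer'), $next), PHP_EOL;
echo handleCompare(new DemoUser('client'), $next), PHP_EOL;
echo handleCompare(null, $next), PHP_EOL;
```

Because the assignment rewrites the role on the in-memory user object, any later code in the same request that reads the role, or saves the model, would see `client` as well.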