nasor
Reputation: 441
Laravel authorization using middleware
I have following tables:
Role Table
- ID
- Title
Permission Table
- ID
- Title
- Role_id
- Permissions ( like : {test:"create","edit","update","delete"} )
Now after logging in how can I check through middleware whether that specific user has above permissions, whether he can create/edit/update/delete.
I don't want to specify the permissions or role name in routes.
Route::group(['permission'=>'create-user'] ...
Instead want to check with the help of middleware.
Route::group(['middleware'=>'authorization'] ...
So that I don't have to specify individual permissions in route each time new role and permissions to those role has been added.
Thankyou
Upvotes: 0
Views: 833
Answers (1)
linktoahref
Reputation: 7992
You need to create a middleware and in the handle method of that middleware just check for the permissions
public function handle($request, Closure $next, $guard = null)
{
$records = DB::table('role_table')
->join('permissions_table', 'role_table.ID', '=', 'permissions_table.Role_id')
->select('permissions_table.Permissions')
->first();
if (count($records) > 0) {
$permisssions = json_decode($records->Permissions, true);
if (in_array("create", $permissions['test'])) {
// has permission to create
// redirect to the authorized page
}
...
} else {
return redirect('to access denied page');
}
return $next($request);
}
add the middleware to App\Http\Kernel.php $routeMiddleware array
protected $routeMiddleware = [
'authorization' => \App\Http\Middleware\AuthorizationMiddleware::class
];
Upvotes: 2
Related Questions
- Using Laravel Auth middleware
- Laravel API authentication middleware
- Laravel authorization via middleware
- Authorization Middleware laravel 5.6
- Auth middleware in Laravel 5.4
- Laravel 5.2 - middleware auth
- Middleware and user - laravel 5
- Laravel Middleware Auth for API
- Laravel 5.2: How to use auth in middleware
- Authorization along with Authentication in Route.php : Laravel 5.1