Laravel 5.4 Middleware for Admin and User Role

Question

I created two Middleware called "MustBeAdmin" and "MustBeUser" to make sure depending on the user login I redirect them to the right page and restrict unauthorized content. Currently everything is working fine and redirects work well too. But the Logic I wrote behind the scene seems wrong to me and its weird it still works. If I write the logic that seems right to me atleast, it does not seem to work as expected.

Users table

id (1,2,3,...)
name
role (1,2,3,...)

Roles table

id (1,2,3,...)
role (Student, Admin,...)

MustBeAdmin middleware

public function handle($request, Closure $next)
    {
        if($request->user()->role == 2)
        {
            return $next($request);
        }
        else
        {
            return redirect('/admin/users');
        }

    }

MustBeUser middleware:

public function handle($request, Closure $next)
    { 
        if($request->user()->role == 1)
        {
            return $next($request);
        }
        else
        {
            return redirect('/admin/users');
        }

    }

kernel.php

'admin' => \App\Http\Middleware\MustBeAdmin::class,
'user' => \App\Http\Middleware\MustBeUser::class,

As you can see I have registered middlewares in kernel.

I am getting results exactly what I need but I doubt if the logic in middleware is correct?

1 = Student
2 = Admin

if you see in MustBeAdmin middleware I am comparing if user role is 2 (admin) then do next($request) and in MustBeUser middleware I am comparing if user role is 1 (Student) then do next($request) and I set else to /Admin directory.

I feel its wrong, what do you think?

Answer 1

Yes, It can be handled in one common file. Here is the code

public function handle($request, Closure $next)
{
    $user = User::find(Auth::id());
    $roles = [];
    foreach ($user->roles as $key => $value) {
        array_push($roles, $value->pivot->role_id);
    }

    $routeName = Route::getFacadeRoot()->current()->uri();
    $route = explode('/', $routeName);
    if ($route[0] == "teacher") {
        if (in_array(2, $roles)) {
            return $next($request);
        } else {
            return response('Unauthorized.', 401);
        }
    } elseif ($route[0] == "student") {
        if (in_array(1, $roles)) {
            return $next($request);
        } else {
            return response('Unauthorized.', 401);
        }
    } elseif ($route[0] == "admin") {
        if (Auth::user()->admin == 1) {
            return $next($request);
        } else {
            return response('Unauthorized.', 401);
        }
    } else {
        if (!Auth::user()) {
            if ($request->ajax()) {
                    return response('Unauthorized.', 401);
            } else {
                    return redirect()->guest('admin-panel/auth/login');
            }
        }
    }

    return $next($request);
}

You can alter the logic according to your need.

Answer 2

You are not checking the authenticated users details in your Middleware. The middleware should be something like:

//for student 
public function handle($request, Closure $next)
{

    if ( Auth::check() && Auth::user()->role == 1 )
    {
        return $next($request);
    }

    return redirect('/admin');

}


//for admin 
public function handle($request, Closure $next)
{

    if ( Auth::check() && Auth::user()->role == 2 )
    {
        return $next($request);
    }

    return redirect('/student');

}

You should check my detailed answer on the same topic here