CODEWITHSUNDEEP
laravelmiddleware
Sami Mansour
Sami Mansour

Reputation: 75

how to disable laravel-filemanager from non-admin users?

I have laravel filemanager v1.7 in my project, and it works fine in administrator side, also images works fine in front-side. but my problem when any registered user (non-admin) or visitor can access laravel-filemanager page by when click on image right-click and open it in new window like:

http://domain/laravel-filemanager/photos/1/593e3d9f3d8fb.jpg

if remove (photos/1/593e3d9f3d8fb.jpg) he can access file manager.

i tried to change config/lfm.php in middlewares but i failed.... how i can disable LFM from any user not admin?

Note: I've middleware called checkRole that check role_id in users table. I tried to put it in lfm middlewares but it is not work

any help or suggestion?

Regards Sami

Upvotes: 1

Views: 2474

Answers (2)

Sami Mansour
Sami Mansour

Reputation: 75

Thanks @btl

I edited (vendor/unisharp/laravel-filemanager/src/routes.php)

from // Show LFM

until // delete,

i put all of them inside:

Route::group(['middleware' => ['auth', 'roles'], 'roles' => ['admin', 'supervisor']], function() {
...
});

The problem is solved :)

Upvotes: 0

user320487
user320487

Reputation:

You need to restrict the routes that expose LFM to your non-admin user's. I would probably create a separate middleware that I could apply on a per route or per route group basis to perform this check and deny access.

Another approach could be using Gates and/or Policies to restrict access. You can fine tune it down to the individual user permission if needed.

Upvotes: 1

Related Questions