Reputation: 95
laravel 5.4 - how to prevent one's role from being able to access the property of another role?
I have an inventory app that has three different roles, namely operator, admin, and super admin.
the problem is when I enter with one of the roles, I can access the menu belongs to another role by writing the link from the menu in the browser's link bar.
example
in the admin page there is a backup and restore menu, link: /admin/backupAndRestore
then I log in as an operator
in the operator page there is only the item borrowing and return item menu, but if I write a link of the admin backup and restore menu in the browser's link bar like localhost: 8000/admin/backupAndRestore I can access the page.
I want to make it like a user who has logged in can not access the register or login page and redirected to the home page, what should I do?
Upvotes: 0
Views: 227
Answers (1)
Reputation: 5673
The functionality you are looking for is known as authorization in the Laravel framework. Since you can technically implement user roles in many different ways, it is not realistic to post a code example for you here. Instead, I recommend you read the entire documentation page on authorization and then devise an implementation that works for your setup. It is most likely that you will want to build your logic using Policies, which are classes that organize authorization logic around a particular model.
Upvotes: 1
Related Questions
- Role based permission to Laravel
- Laravel Roles and Permissions based on Role specific Ability
- Hide the data of a user which has the same "Role"
- Laravel: User and Role Relationship ( User has only 1 Role)
- Role based ACL in Laravel
- Attaching Permissions to Role in Laravel 5
- Handling Scope with User Role Constraint - Laravel 5.3
- Specific role relations
- Laravel - Don't allow user to access other user data
- Laravel 4.2 User Role Security