fightstarr20

Reputation: 12568

Laravel - Prevent non admin users from accessing the dashboard

I am preventing users who do not have a role of 'admin' from logging in to the dashboard in a Laravel 5.5 app like this in app/http/Controllers/auth/LoginController.php:

    protected function credentials(\Illuminate\Http\Request $request)
    {
        $credentials = $request->only($this->username(), 'password');

        return array_add($credentials, 'type', 'admin');
    }

This works well, but if somebody resets their password using the forgotten password function then it bypasses this function and lets them in to the dashboard.

How can I lock the dashboard down to prevent this happening?

Should I disable auto login after password reset? Will this be enough?

Upvotes: 0

Views: 1944

Answers (2)

Moayad

Reputation: 21

Use middleware; you will have full control over all requests in your app.

Also, you might want to have a look at spatie/laravel-permission on GitHub; it will make your role/permission process much easier.

Upvotes: 2
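
An added example of the middleware approach suggested in the answer above (not code from the question or from either answer): the admin check runs on every request to the dashboard routes instead of only at login. The class name `EnsureAdmin`, the `admin` alias, and the dashboard route and controller are assumptions; the `type` column is the one used in the question's `credentials()` override.

```php
<?php
// app/Http/Middleware/EnsureAdmin.php (hypothetical file and class name)

namespace App\Http\Middleware;

use Closure;

class EnsureAdmin
{
    /**
     * Allow the request through only when the authenticated user is an admin.
     * Runs on every request to the protected routes, so it does not matter
     * whether the session came from the login form, from the automatic
     * login after a password reset, or from a "remember me" cookie.
     */
    public function handle($request, Closure $next)
    {
        $user = $request->user();

        // No authenticated session: send the visitor to the login form.
        if ($user === null) {
            return redirect()->guest(route('login'));
        }

        // Logged in but not an admin: refuse. Assumes the `type` column
        // from the question's credentials() override.
        if ($user->type !== 'admin') {
            abort(403);
        }

        return $next($request);
    }
}

// Registration, in app/Http/Kernel.php (the 'admin' alias is an assumption):
//     protected $routeMiddleware = [
//         // ...existing entries...
//         'admin' => \App\Http\Middleware\EnsureAdmin::class,
//     ];
//
// Usage, in routes/web.php (route and controller names are placeholders):
//     Route::middleware(['auth', 'admin'])->group(function () {
//         Route::get('/dashboard', 'DashboardController@index');
//     });
```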

PSA

Reputation: 361

Overwrite the authenticated method in LoginController. Place the code below in the LoginController.

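// Needs "use Illuminate\Http\Request;" at the top of LoginController.php.
protected function authenticated(Request $request, $user)
{
    // Use your own logic here; this condition uses the 'type' column from the question.
    if ($user->type === 'admin') {
        return redirect()->route('admin.home');
    }

    return redirect('/home');
}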

Upvotes: 1
