mSwierkot

Reputation: 31

Restricting not-logged-in users' access to admin panel in Laravel - routing issue

I've started creating my own very simple blog application, which would consist of a main page with posts and an admin panel accessible only to me. I don't want viewers to have access to the login page; it should be just for one user - admin.

I already have an admin panel from which I can create, edit, view and delete posts stored in a MySQL database; the posts are also displayed on the main page. My problem is that I am struggling with securing the admin panel from users who are not logged in.

How should I do this? The idea is: if you are logged in - you are admin, you can access the admin panel, whose views are stored in views/admin; if you are not - you can only see the posts being displayed on the main page, in the views folder.

publicHomePageTemplate.blade.php (piece responsible for displaying posts)

@foreach($articles as $article)

          <div class="well well-lg">
            <h3>{{$article->title}}</h3>
            <p>{{$article->body}}</p>

        </div>

         @endforeach

Article Controller

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Article;

class ArticleController extends Controller
{
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function publicHomePage()
    {
        $articles = Article::paginate(4);

        return view('articles/publicHomePageTemplate', ['articles' => $articles]);
    }

    public function index()
    {
    $articles = Article::latest()->paginate(5);
    return view('admin.index',compact('articles'))
        ->with('i', (request()->input('page', 1) - 1) * 5);
    }


/**
 * Show the form for creating a new resource.
 *
 * @return \Illuminate\Http\Response
 */
public function create()
{
    return view('admin.create');
}


/**
 * Store a newly created resource in storage.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function store(Request $request)
{
    request()->validate([
        'title' => 'required',
        'body' => 'required',
    ]);
    Article::create($request->all());
    return redirect()->route('admin.index')
                    ->with('success','Article created successfully');
}


/**
 * Display the specified resource.
 *
 * @param  int  $id
 * @return \Illuminate\Http\Response
 */
public function show($id)
{
    $article = Article::find($id);
    return view('admin.show',compact('article'));
}


/**
 * Show the form for editing the specified resource.
 *
 * @param  int  $id
 * @return \Illuminate\Http\Response
 */
public function edit($id)
{
    $article = Article::find($id);
    return view('admin.edit',compact('article'));
}


/**
 * Update the specified resource in storage.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  int  $id
 * @return \Illuminate\Http\Response
 */
public function update(Request $request, $id)
{
    request()->validate([
        'title' => 'required',
        'body' => 'required',
    ]);
    Article::find($id)->update($request->all());
    return redirect()->route('admin.index')
                    ->with('success','Article updated successfully');
}


/**
 * Remove the specified resource from storage.
 *
 * @param  int  $id
 * @return \Illuminate\Http\Response
 */
public function destroy($id)
{
    Article::find($id)->delete();
    return redirect()->route('admin.index')
                    ->with('success','Article deleted successfully');
}

}

So far I've started realising the authentication system with php artisan:make auth

Any ideas how to solve this?

Upvotes: 1

Views: 1750

Answers (2)

sandip bharadva

Reputation: 646

If you add the field "role" to your table, then try if(Auth::user()->role == 'admin'){}else{}. You can also use this code in your Blade file, like @if().

Upvotes: 0

Marcus

Reputation: 1848

Create a middleware that blocks users that should not access admin.

This goes in the Http Kernel in $middlewareGroups:

'admin' => [
    'web',
    \App\Http\Middleware\Permissions\AdminChecker::class,
],

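Then you create a middleware that checks the current user:

namespace App\Http\Middleware\Permissions;

use Closure;
use Illuminate\Auth\AuthenticationException;

class AdminChecker
{
    public function handle($request, Closure $next)
    {
        // $request->user() is null for guests; isAdmin() must be defined on the User model.
        $user = $request->user();

        if (!$user || !$user->isAdmin()) {
            throw new AuthenticationException;
        }

        return $next($request);
    }
}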

Then make sure that your admin routes are using the admin group in the RouteServiceProvider:

Route::group([
            'middleware' => 'admin',
            'namespace' => $this->namespace.'\Admin',
            'prefix' => 'admin',
        ], function ($router) {
            require base_path('routes/admin.php');
        });

Then you put your admin routes in 'routes/admin.php'.

Upvotes: 2
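A way to check that the admin group from the answer above really covers every admin route, including the POST/PUT/DELETE ones, written as a Laravel feature test. This is an added example, not code from the thread; it assumes the 'admin' URL prefix shown above, the named `login` route that the auth scaffolding registers, and a hypothetical test class name `AdminAccessTest`.

```php
<?php
// Added example (not from the thread). Assumptions: admin routes live under the
// "admin" prefix, a named "login" route exists, and admin routes take plain ids
// (as in the question's controller) rather than route-model binding.

namespace Tests\Feature;

use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class AdminAccessTest extends TestCase
{
    /** Collect every registered route under admin/ as [method, uri] pairs. */
    private function adminRoutes(): array
    {
        $pairs = [];
        foreach (Route::getRoutes() as $route) {
            $uri = $route->uri();
            if ($uri !== 'admin' && strpos($uri, 'admin/') !== 0) {
                continue; // not an admin route
            }
            // Replace {id}-style placeholders with a constructed sample value.
            $concrete = '/' . preg_replace('/\{[^}]+\}/', '1', $uri);
            foreach ($route->methods() as $method) {
                if ($method !== 'HEAD') {
                    $pairs[] = [$method, $concrete];
                }
            }
        }
        return $pairs;
    }

    public function test_guests_are_redirected_from_every_admin_route()
    {
        $routes = $this->adminRoutes();
        // Guard against a silently empty sweep (e.g. the prefix was renamed).
        $this->assertNotEmpty($routes, 'No admin routes were found to test.');

        foreach ($routes as [$method, $uri]) {
            // No actingAs(): the request is made as a guest. The middleware's
            // AuthenticationException is rendered as a redirect to login.
            $this->call($method, $uri)->assertRedirect(route('login'));
        }
    }
}
```

The sweep only sees routes registered under the `admin` prefix, so an admin action left in `routes/web.php` under another path still needs its own check.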
