0

It is a project requirement where I have multiple logins, but some users cannot access a few modules. For example, super admin and analyst can access all modules, but developers can only use their own controller.

So in this case, how can I guard a controller with multiple logins? Also note that I have a separate login page and table in the database.

For example, phonebookController can be accessed by super admin and analyst but not by developers. So please tell me how I can implement this.

I use this for:

    if (Auth::guard('superAdmin')->check()) {
        $author = Auth::guard('superAdmin')->user()->id;
    } elseif (Auth::guard('analysts')->check()) {
        $author = Auth::guard('analysts')->user()->id;
    } else {
        $author = Auth::guard('supervisor')->user()->id;
    }

I want to use this in the constructor method of the class.

2
  • Log every access to the controller to the DB, and before every load of the controller check if the user can view or throw 403... Commented Apr 22, 2017 at 10:45
  • How are you assigning roles? Is there a field in your user table which says if the user is admin or not? Commented Apr 22, 2017 at 10:53

1 Answer

2

Here is my implementation of access control for admins and users (agents in my case). I have a boolean field in my user table (is_admin) which is 0 for normal users and 1 for admins. So in my User model I did this:

    protected $casts = [
        'is_admin' => 'boolean',
    ];

    public function isAdmin()
    {
        return $this->is_admin;
    }

Create a new middleware for the type of roles you want using

    php artisan make:middleware Admin

    php artisan make:middleware Agent

The middleware files will be created in App\Http\Middleware\. Add this to the class inside Admin.php:

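    // Needs "use Closure;" and "use Illuminate\Support\Facades\Auth;" at the top of the file.
    public function handle($request, Closure $next)
    {
        // Only an authenticated admin may continue.
        if (Auth::check() && Auth::user()->isAdmin()) {
            return $next($request);
        }

        return redirect('/agent');
    }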

and this to Agent.php:

    public function handle($request, Closure $next)
    {
        if (Auth::check() && !Auth::user()->isAdmin()) {
            return $next($request);
        }

        return redirect('/home');
    }

After this, register your middleware with Laravel. To do this, add this to protected $routeMiddleware in your Kernel.php, which is located at app\Http\Kernel.php:

    'admin' => 'App\Http\Middleware\Admin',
    'agent' => 'App\Http\Middleware\Agent',

Make sure to create proper routes for redirection as we've mentioned in our middleware files. After this you are almost done. Now, to verify if a user is an admin or a normal user, add this to the constructor method of your controller.

Actions allowed only for admin users:

    public function __construct()
    {
        $this->middleware('auth');
        $this->middleware('admin');
    }

Actions allowed only for normal users:

    public function __construct()
    {
        $this->middleware('auth');
        $this->middleware('agent');
    }


3 Comments

    public $user_type, $participant_id, $model_class, $model_type;

    public function __construct()
    {
        $this->middleware(function ($request, $next) {
            // check() returns a boolean, so it is not compared with the guard name.
            if (Auth::guard('analysts')->check()) {
                $this->participant_id = Auth::guard('analysts')->user()->id;
                $this->user_type = 'analyst';
                $this->model_type = 'Analyst';
                $this->model_class = 'App\Analysts';
            } else {
                return redirect()->back();
            }

            return $next($request);
        });
    }

    // Used later, inside a controller method:
    $model = $this->model_class;
    $items = $model::where('id', $this->participant_id)->get()->first();

Good to know you solved it! By the way, you can use markdown in the comments section too, e.g. to format code, enclose it in back quotes.
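
One way to guard a controller with several guards at once, as an added example that is not part of the original question, answer or comments: a route middleware that takes guard names as parameters and returns 403 unless the visitor is logged in on one of them. The class name `AllowGuards` and the alias `guards` are hypothetical; the guard names `superAdmin` and `analysts` come from the question and are assumed to be defined in config/auth.php.

```php
<?php
// Added example, not code from the original thread.
// Hypothetical file: app/Http/Middleware/AllowGuards.php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class AllowGuards
{
    /**
     * Let the request through only if the visitor is logged in on at least
     * one of the guards named in the middleware parameters.
     */
    public function handle($request, Closure $next, ...$guards)
    {
        // Deny by default: an empty guard list must never mean "allow everyone".
        if (empty($guards)) {
            abort(403);
        }

        foreach ($guards as $guard) {
            // An undefined guard name throws, so a typo fails closed as well.
            if (Auth::guard($guard)->check()) {
                // Make Auth::user() and Auth::id() resolve against the
                // matching guard for the rest of this request.
                Auth::shouldUse($guard);

                return $next($request);
            }
        }

        // Logged in on some other guard (e.g. a developer) or not at all.
        abort(403);
    }
}

// app/Http/Kernel.php, inside protected $routeMiddleware:
//     'guards' => \App\Http\Middleware\AllowGuards::class,
//
// Controller reachable by super admins and analysts only:
//     public function __construct()
//     {
//         $this->middleware('guards:superAdmin,analysts');
//     }
```

Because the middleware calls `Auth::shouldUse()`, controller code can read `Auth::id()` instead of repeating an if/else chain over the guards.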
