Route access control - Laravel 5.1

Asked

Viewed 2,107 times

3

I have some views that only clients can access, and some that only administrators can access. What I defined in this case is id_client, which if it is "1" is administrator and if it is any other client. I control it with 2 Middleware locally, but when I posted to a hosting server I get an error:

This web page has a redirect loop

ERR_TOO_MANY_REDIRECTS

Routes:

// Rotas para administradores
Route::group(['middleware' => 'auth', 'middleware' => 'SIST\Http\Middleware\AdminMiddleware'], function()
{
    Route::get('inicio', ['as' => 'inicio','uses' => 'Admin\InicioController@index']);
});

// Rotas para clientes
Route::group(['middleware' => 'auth', 'middleware' => 'SIST\Http\Middleware\ClientMiddleware'], function ()
{
    Route::get('sist', ['as' => 'sist','uses' => 'Client\SistController@index']);
});

Admin Middleware:

class AdminMiddleware
{
    public function handle($request, Closure $next)
    {
        if (Auth::user()->id_cliente !== 1)
        {
            return redirect('/sist');
        }else{
            return $next($request);
        }
    }
}

Client Middleware:

class ClientMiddleware
{
    public function handle($request, Closure $next)
    {           
        $id_cliente = Auth::user()->id_cliente;

        if ($id_cliente === 1)
        {
            return redirect('/inicio');
        }else{
            $cliente = Cliente::find($id_cliente);
            return $next($request);
        }
    }
}

htaccess

<IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{REQUEST_URI} !^public
        RewriteRule ^(.*)$ /public/$1 [L]
</IfModule>

inserir a descrição da imagem aqui

I have many routes within these two groups and I use this to not let a client access an administrator route by typing the URL. I don’t know if this is the best way, but this is what I was able to do. If you have another way, please tell me.

  • See through your browser’s development tool which loop is occurring. Which two addresses are receiving redirects from each other. The problem may have nothing to do with your middleware, but with your DNS zone.

  • when logging in with a user that should lead to the "/start" directory, it is endlessly redirecting to the "/sist". The same happens if I try to log in with user who really should be directed to the "/sist", but the redirect never to.

  • @Marcoauréliodeleu, it’s like he doesn’t recognize the conditions, I don’t know... I really have no idea. I edited the question by putting my htaccess.

3 answers

3

You can’t use just one Route and only one Middleware ?

Route::group(['middleware' => 'auth', 'middleware' => 'admin'], function(){
    Route::get('inicio', ['as' => 'inicio','uses' => 'Admin\InicioController@index']);
    Route::get('sist', ['as' => 'sist','uses' => 'Client\SistController@index']);
});

Log that Middleware on Kernel.php which is in the folder app/Http, in that array, last line:

protected $routeMiddleware = [
    'auth'          => 'App\Http\Middleware\Authenticate',
    'auth.basic'    => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
    'guest'         => 'App\Http\Middleware\RedirectIfAuthenticated',
    'login'         => 'App\Http\Middleware\AdminMiddleware',
];

Hence in the middleware of Route::group, put as I did above: middleware => 'admin' instead of that whole name.

Hence in the Adminmiddleware.php do both:

class AdminMiddleware
{
    public function handle($request, Closure $next)
    {
        if (Auth::user()->id_cliente !== 1){
            return redirect('/sist');
        }else{
            return redirect('/inicio');
        }
        return $next($request);
    }
}

It’s not about the .htaccess.

  • I have tried it this way but the error continues. I will put an image in the question. @Zoom

2


Believe it or not, but after spending practically all day on it, I solved the problem by just switching "===" for "==" and "!==" for "!=". I don’t know what might have caused this malfunction in the hosting, since locally it worked perfectly, but that was it!

  • Ow, and you know I ended up missing my PHP script. I was going to do this and ended up not doing the check inside the middleware, can even see that it is wrong to check for which link goes. Good.

1

I know it has been a long time, but I wanted to comment to understand the difference between "==" and "==", consequently "!=" and "!=="

When we use the validation of type ===, if it equates to strictly equal, which means, in addition to the value of the variable having to be equal the type must also be equal, example:

Ex:

$id_cliente === 1 

In this case, if your variable is a string, it would give error, because it is comparing a value with a variable that expects a string.

If so, the comparison should be so:

$id_cliente === "1"

Browser other questions tagged

You are not signed in. Login or sign up in order to post.