How to make an if/Else within a route?

Asked

Viewed 452 times

0

I have a form that has two types of users: administrators and developers and each one has its post login page, but even logged in as an administrator, I can go to the developer pages. I need to fix this!

  • Just do a Middleware on the route. In the middleware you do the if asking if the logged in user is an Admin or User.

  • 1

    But how? I’m new to Laravel.

2 answers

1

I don’t know which version of Laravel you are using but if it is 5.2 or higher, it already has native control for different types of authentication, called "Guard", in the folder of your project go in config/auth.php, there is an array with the "Guards", you can do so for example:

   'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'desenvolvedor' => [
        'driver' => 'session',
        'provider' => 'desenvolvedores',
    ],

    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
]

will be necessary to change the array of providers also in this same file "auth.php", put the Provider like this:

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],
    'desenvolvedores' => [
        'driver' => 'eloquent',
        'model' => App\Desenvolvedor::class,
    ]       
]

note that in the previous you specify the model that will be used to perform the authentication, you can duplicate the User model and change it to Developer, more or less like this:

<?php

namespace App;

use Illuminate\Foundation\Auth\User as Authenticatable;

class Desenvolvedor extends Authenticatable
{

    protected $table = 'desenvolvedores'; //coloque aqui o nome da tabela dos desenvolvedores
    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password',
    ];

    /**
     * The attributes excluded from the model's JSON form.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];
}

you will also need to have the fields 'name', 'email' and 'password' in your developer table, I suggest you follow the default table "users".

this way you can create protected routes for each "Guard", for example:

Route::group(['prefix' => '/desenvolvedor', 'middleware' => 'auth:desenvolvedor'], function ()...

for more details I suggest you read the documentation on: https://laravel.com/docs/5.4/authentication#Adding-custom-Guards

  • It didn’t work... D:

  • I edited my reply detailing the other changes you should make, if it doesn’t work, tell me what didn’t work, what return you had.

  • Why do I only do this with developers, and administrators do not?

  • You can do this for administrators too, I’m assuming you’re using the users table for administrators, if you’re not can do the same thing for administrators, and in the administrators routes you put 'auth:administrators' for example.

  • I did everything and Adm can still see the Developer page and vice versa... No mistake, but tbm n works!

  • put here how you put your routes to Adm and to the developer that I will try to identify where the problem is.

Show 1 more comment

0

  1. Create a Middleware. Open the Command Prompt, go to the folder of your project and type:

    php artisan make:middleware CheckRoleUser
    
  2. Register this Middleware on App/Http/Kernel.php in $routeMiddleware

    protected $routeMiddleware = [
        'check_role' => \App\Http\Middleware\CheckRoleUser::class,
        .
        .
        .
    ];
    
  3. Open the file App/Http/Middleware/CheckRoleUser.php and write the code routine that checks if the user is an Admin or Developer. I don’t know what your database looks like. But the table users must have a field role or role_id that defines the user type.

    public function handle($request, Closure $next, $guard = null){
    
        # Se for diferente de 1 = Admin volta para página de login.
        if (!Auth::user()->role == 1) {
            return redirect()->to('/login');
        }
    
        return $next($request);
    
    }
    
  4. In the archive App/Http/routes.php you call the Middleware created with the name you defined in Kernel.php.

    # Admin
    Route::group(['prefix' => 'admin', 'middleware' => 'check_role'], function(){
        Route::get('/', 'DashboardController@index');
    });
    
  • That last part of the route I did not understand well. What view I put?

  • You won’t do anything at View...

  • Route::get('/', 'Registercontroller@index');... Which view do I return?

  • Whichever way you want it. Then it’s up to you... The permission part is done if you’ve followed these steps.

  • It is giving error in the route...

Browser other questions tagged

You are not signed in. Login or sign up in order to post.