Middleware in the Laravel to check if the user belongs to a group

Asked

Viewed 247 times

-1

Good morning and my first post here, I want to create a check in the Standard to check if the logged-in user belongs to the group ex: IT, DIRECTORATE, ADMINISTRATION etc. I already do the check on the route if the user is logged in using auth, I wanted a second check:

Route::group(['middlewere' => 'auth', 'prefix' => 'ti'], function(){

    Route::get('/listati', 'TiController@index')->name('index');

});

I could only access this route that the user is from the IT group, my system uses adldap2 and synchronizes with AD, I even saw about doing a new middleware and checking if the user belongs to the group, but then analyzing I would have to do a 20 middleware to get if the user belongs to the given group, example:

namespace App\Http\Middleware;
     
use Closure;   

class Verificagrupo { 

  public function handle($request, Closure $next)
  {
 
     if ( !auth()->check() )
         return redirect()->route('login');
 
     $setor = auth()->user()->setor;
  
     if ( $setor != 'ti' )
         return redirect->route('naoautorizado');
  
     return $next($request); 
  }  
}

this middleware would only be able to verify that the user and you, I would like to check not only for the IT group, but also for ADM, SAUDE, ENGINEERING etc all groups... does anyone have any ideas ? how to improve this user group check ? could give me a light indicate some library or something? and avoid having to create 20 middleware to do this group check ? I thank you in advance...

php laravel active-directory middleware

  • There is this library here, it is quite complete: https://spatie.be/docs/laravel-permission/v3/introduction

  • I’ll search this library friend, thank you

2 answers

0


You can add a parameter in middleware as documented:

public function handle($request, Closure $next, $setorPermitido)
{
     if ( !auth()->check() )
         return redirect()->route('login');
 
     $setor = auth()->user()->setor;
  
     if ( $setor != $setorPermitido )
         return redirect->route('naoautorizado');
  
     return $next($request); 
}

After mapping the middleware name in the variable $routeMiddleware of the kernel.php file you can use on the routes something like:

Route::group(['middlewere' => ['auth', 'verificagrupo:ti']], function(){
    // ...
});

There’s a similar answer but I don’t think it’s a double question.

  • Friend, thank you so much for the help, I had seen the documentation before Oce reply, but with your reply I looked again at the documentation this time in Portuguese and what I was missing to avoid a lot of middleware was just this take the parameter of the route... Thank you

0

Well doing this method would really take a lot of checks and create a middleware new whenever a new group arises, a solution to this problem would be to group the groups (mixed)... as follows:

Let’s say you had a table of groups as follows:

+----+------------+-------+
| id |    nome    | grupo |
+----+------------+-------+
|  1 | ADM        |     1 |
|  2 | ENGENHARIA |     1 |
+----+------------+-------+

and an example Middleware:

class Verificagrupo { 

  public function handle($request, Closure $next)
  {
     if (!auth()->check())
        return redirect()->route('login');
        
    $setor = auth()->user()->setor;
    
    $grupos = Grupo::where('grupo', 1)
        ->get()
        ->toArray();
    
    // verificar se utilizador esta nos grupos com coluna grupo com valor 1
    if(!in_array($setor, $grupos)) {
        return redirect()->route('naoautorizado');
    }
  
     return $next($request); 
  }  
}

So you would check everything at once, but instead you could use a package that will help you greatly in the development: Laravel-Permissions

  • 1

    I’ll try it out friend, I ended up running out of time at the moment because of another demand, but I’ll stop later to see it properly, anyway thank you

Browser other questions tagged php laravel active-directory middleware

You are not signed in. Login or sign up in order to post.