problem
I'm looking for a way to protect users from access routes which do not belong to them, example admin cannot access user area and simple user cannot access admin area
Hi, i've a laravel 5.3 app and it has two types of users
- Admin
- Simple User
i'm trying to prevent admin
from accessing simple user
routes and vice-versa, I search a lot and found one solution of creating a middleware
what i've done
<?php
namespace App\Http\Middleware;
use Auth;
use Closure;
class UserRole
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ( Auth::check()) // user logged
{
$request_url = $request->getRequestUri();
if( Auth::user()->user_type == 1 ) // simple user
{
// checking if simple user is visiting routes // starts with /user in the url
if (strpos($request_url, "/user") === 0)
{
return $next($request);
}
else
{
return redirect('/');
}
}
// checking if admin is visiting routes // starts with /admin in the url
else if( Auth::user()->user_type == 2 ) // admin
{
if (strpos($request_url, "/admin") === 0)
{
return $next($request);
}
else
{
return redirect('/');
}
}
else
{
return redirect('/');
}
}
return redirect('/');
}
}
unfortunately both are able to access each others restricted areas. I'm unable to find a better way to protect user from accessing routes which they don't have access too.