About Laravel Middleware

How to give users access to a specific page depending on their role using Laravel middleware

Middleware in Laravel can check a user's role and give users access depending on their role. I am writing on this topic because when I was working on Laravel user permission based access I faced difficulty and I spent much time on this. So here I will try to describe Laravel middleware in as easy a way as I can.

First let me describe the scenario that I am going to cover in this tutorial, so it will be easy to understand.

Suppose there is a page that is only accessible by users who have the admin role. We can do this using middleware.

To create a middleware, run this command in your project folder:

php artisan make:middleware CheckAdmin

Here CheckAdmin is the middleware name. We can use any name here.

After creating the middleware, we will find it in this directory: app/Http/Middleware.

Here we can see our created CheckAdmin middleware.

Now we have to register our middleware. To register it, go to

app/Http/Kernel.php

and add the code below to your $routeMiddleware property.

'isAdmin' => \App\Http\Middleware\CheckAdmin::class,

Here 'isAdmin' is the name our middleware is registered under. We can use any name here.

So the $routeMiddleware property will look like this.

Now save and close the Kernel.php file. Our middleware is now registered.

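Now go to your CheckAdmin middleware and replace the handle function with the code below.

public function handle($request, Closure $next)
{
    // Needs "use Illuminate\Support\Facades\Auth;" at the top of the file.
    // Let the request through only for a logged-in user whose name is admin.
    if (Auth::user() && Auth::user()->name == 'admin') {
        return $next($request);
    }

    // Everyone else is sent back to the previous page.
    return redirect()->back();
}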

Here Auth::user() checks whether the current user is logged in. If so, Auth::user()->name == 'admin' checks whether the logged-in user's name is admin. Because this compares the name field, it is only a reliable admin check if users cannot choose or change their own name. So our middleware is ready for admin. Our CheckAdmin middleware looks like this.

Now we will implement this middleware for our page.

So now we have a page named contact. We want to show this page to admin users only. To do this we go to the controller for that contact page. Here I am using ContactController.php for the contact page. So I go to ContactController.php and add this code at the beginning of it:

public function __construct()
{
    // Run the isAdmin middleware before every method of this controller.
    $this->middleware('isAdmin');
}

 

So now ContactController.php looks like this.

Here the getContact() method shows the contact page. I created it earlier. So now the contact page is protected and only admin users can reach it.

This will block all methods of ContactController.php, because the constructor runs before all other methods of a class. If we have more methods in ContactController.php and want to restrict only specific methods to admin users, we write our constructor like this:

public function __construct()
{
    // Run the isAdmin middleware only before getContact.
    $this->middleware('isAdmin', ['only' => ['getContact']]);
}

 

Here we can add more methods after 'getContact', separated by commas. In the same way, we can restrict all methods to admin except some by adding this code in the constructor:

$this->middleware('isAdmin', ['except' => ['getContact']]);

This code will restrict all methods of ContactController.php except the getContact method. So every user will be able to access only the getContact method from ContactController.php.
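The CheckAdmin middleware above decides on the user's name. As an added example (not code from the original post), here is the same kind of check made against a dedicated role value, with the allowed roles passed as middleware parameters. The `role` column, the CheckRole class name, the 'role' registration key and the 'login' path are assumptions.

```php
<?php
// Added example, not the tutorial author's code.
// Assumptions: users have a `role` column that only administrators can
// change; the class name CheckRole and the 'login' path are hypothetical.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class CheckRole
{
    /**
     * Let the request through only if the user's role is one of $roles.
     *
     * Register in $routeMiddleware (hypothetical key):
     *     'role' => \App\Http\Middleware\CheckRole::class,
     * Use in a controller constructor:
     *     $this->middleware('role:admin', ['only' => ['getContact']]);
     */
    public function handle($request, Closure $next, ...$roles)
    {
        $user = Auth::user();

        // Not logged in: send the visitor to the login page.
        if ($user === null) {
            return redirect()->guest('login');
        }

        // Strict comparison against the allowed list. A missing role, or a
        // route that names no roles at all, matches nothing and is denied.
        if (!in_array($user->role, $roles, true)) {
            abort(403);
        }

        return $next($request);
    }
}
```

Responding with 403 instead of redirecting back makes a refused request visible in access logs and in tests.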

These are the basic things I have discussed in the tutorial. There are some more ways to use middleware, but I have just shown a way that I found easy. Hope it will help.

Fokrul Hasan
SJ Innovation LLC