popolo - code simple..

Laravel Middleware to auth admin users

Theodoros Kafantaris
Sep 20, 2022

In this post we will see how to let through only authenticated users whose is_admin DB field is set, separating them from normal users. In the users migration file we add an extra boolean field that marks a user as an admin.

Schema::create('users', function (Blueprint $table) {
    $table->id();
    $table->string('name');
    $table->string('email')->unique();
    $table->timestamp('email_verified_at')->nullable();
    $table->string('password')->nullable();
    // Admin flag; every new user starts as a normal (non-admin) user.
    $table->boolean('is_admin')->default(false);
    $table->rememberToken();
    $table->softDeletes();
    $table->timestamps();
});

Now we are ready to create our custom middleware.

php artisan make:middleware IsAdmin

Register it under the 'admin' key in the $routeMiddleware array in app/Http/Kernel.php:

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
    'signed' => \App\Http\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    'admin' => \App\Http\Middleware\IsAdmin::class,
];

Modify the handle method in app/Http/Middleware/IsAdmin.php as follows:

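public function handle(Request $request, Closure $next)
{
    // Let the request through only for a logged-in user flagged as admin.
    if (auth()->user() && auth()->user()->is_admin == 1) {
        return $next($request);
    }

    // Everyone else gets a 403 Forbidden response.
    abort(403, "You are not authorised");
    // return redirect('/');
}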

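Apply the middleware to the routes in routes/web.php. The auth middleware is listed first, so guests are handled before the admin check runs: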

Route::middleware(['auth', 'admin'])->group(function () {
    Route::get('/dashboard', function () {
        return view('dashboard');
    })->name('dashboard');
});
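To check that the route group behaves as intended, here is a feature test added as an example (it is not part of the original post). It assumes the default User factory, a named login route, a dashboard view, and a hypothetical file tests/Feature/AdminMiddlewareTest.php. The last test goes one step beyond the middleware and checks that the is_admin flag it trusts cannot be set through mass assignment.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

// Added example, not from the original post. Assumes the default User
// factory, the /dashboard route above, a 'dashboard' view and a 'login' route.
class AdminMiddlewareTest extends TestCase
{
    use RefreshDatabase;

    public function test_guest_is_stopped_by_auth_middleware(): void
    {
        // 'auth' runs before 'admin', so a guest is redirected, not given a 403.
        $this->get('/dashboard')->assertRedirect();
    }

    public function test_non_admin_user_gets_403(): void
    {
        $user = User::factory()->create(['is_admin' => false]);

        $this->actingAs($user)->get('/dashboard')->assertForbidden();
    }

    public function test_admin_user_reaches_dashboard(): void
    {
        $admin = User::factory()->create(['is_admin' => true]);

        $this->actingAs($admin)->get('/dashboard')->assertOk();
    }

    public function test_is_admin_is_not_mass_assignable(): void
    {
        // Assumption: is_admin is left out of User::$fillable, so request
        // input passed to fill()/update() cannot promote a user to admin.
        $user = User::factory()->create(['is_admin' => false]);

        $user->fill(['is_admin' => true]);

        $this->assertFalse($user->isDirty('is_admin'));
    }
}
```

Run it with php artisan test --filter=AdminMiddlewareTest.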

That's it! Enjoy!