In this post we will see how to restrict routes to admin users, using a boolean is_admin database field to separate them from normal users. The users migration file has this extra boolean field to mark a user as admin:
```php
Schema::create('users', function (Blueprint $table) {
    $table->id();
    $table->string('name');
    $table->string('email')->unique();
    $table->timestamp('email_verified_at')->nullable();
    $table->string('password')->nullable();
    // Every new user is a normal user unless explicitly promoted.
    $table->boolean('is_admin')->default(false);
    $table->rememberToken();
    $table->softDeletes();
    $table->timestamps();
});
```
Now we are ready to create our custom middleware.
```bash
# The class name must match the IsAdmin::class entry registered in the kernel.
php artisan make:middleware IsAdmin
```
Add it to the routeMiddleware array in the kernel file by opening app/Http/Kernel.php:
```php
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
    'signed' => \App\Http\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    'admin' => \App\Http\Middleware\IsAdmin::class,
];
```
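We modify the app/Http/Middleware/IsAdmin.php file as follows:
```php
public function handle(Request $request, Closure $next)
{
    // Let the request through only for a logged-in user whose is_admin flag is set.
    if (auth()->user() && auth()->user()->is_admin == 1) {
        return $next($request);
    }

    // Everyone else (guests and normal users) gets 403 Forbidden.
    abort(403, "You are not authorised");
    // return redirect('/');
}
```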
Apply the middleware in web.php:
```php
Route::middleware(['auth', 'admin'])->group(function () {
    Route::get('/dashboard', function () {
        return view('dashboard');
    })->name('dashboard');
});
```
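To confirm the route group really denies non-admins, here is a feature test added as an example (it is not part of the original post). It assumes the stock App\Models\User model and factory, an existing dashboard view, and a hypothetical file name tests/Feature/AdminDashboardAccessTest.php.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

// Added example: checks the ['auth', 'admin'] group that protects /dashboard.
class AdminDashboardAccessTest extends TestCase
{
    use RefreshDatabase;

    public function test_guest_is_stopped_by_auth_middleware(): void
    {
        // A JSON request makes the auth middleware answer 401 instead of redirecting.
        $this->getJson('/dashboard')->assertUnauthorized();
    }

    public function test_normal_user_gets_403(): void
    {
        $user = User::factory()->create(['is_admin' => false]);

        $this->actingAs($user)->get('/dashboard')->assertForbidden();
    }

    public function test_admin_reaches_dashboard(): void
    {
        $admin = User::factory()->create(['is_admin' => true]);

        $this->actingAs($admin)->get('/dashboard')->assertOk();
    }

    public function test_is_admin_is_not_mass_assignable(): void
    {
        // Assumes the stock $fillable list. If is_admin were fillable, request
        // input passed to create() or update() could set the flag.
        $this->assertFalse((new User())->isFillable('is_admin'));
    }
}
```

Run it with `php artisan test`.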
That's it! Enjoy!