Question 319962 in Laravel Question posted in
The official Laravel Documentation can be found here.

Laravel – How to redirect unathorized user in web.php to login page?

I’m creating custom admin panel in Laravel and trying to make redirect to login page for unathorized users. There is so many posts about it in the web, but they are for older versions of Laravel and I couldnt find anything for 10. Here is web.php:

Route::middleware(['role:admin'])->prefix('admin')->group(function()
{
    Route::get('/', [AppHttpControllersAdminHomeController::class, 'index'])->name('admin');

    Route::resource('games', AppHttpControllersAdminPostController::class);

});

What should I add here to redirect users to login page?

Tags:

2

Answers


  1. 0

    I suppose you use Spatielaravel-permissions based on role:admin middleware.

    You have to make your own middleware, for example "IsAdmin"

    php artisan make:middleware IsAdmin

    and then code authorization logic in the handle() function of your new middleware.

    The hasRole() method is from laravel-permissions package, if you have other system for permissions then edit this logic.

    <?php

namespace AppHttpMiddleware;

use Closure;
use IlluminateSupportFacadesAuth;

class IsAdmin
{
    /**
     * Handle an incoming request.
     *
     * @param  IlluminateHttpRequest  $request
     * @param  Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        if ( $request->user()->hasRole('admin']) ) {
            return $next($request);
        }

        return redirect('/login');
    }
}

    Add your new middleware to your route. Also you should add Laravel auth middleware to check if user is authenticated.

    use AppHttpMiddlewareIsAdmin;

Route::middleware(['auth', IsAdmin::class])->prefix('admin')->group(function()
    Login or Signup to reply.
  2. 0

    To redirect unauthorized users to the login page in Laravel 10, you can use the built-in auth middleware along with any custom middleware for role checking.

    web.php

    use IlluminateSupportFacadesRoute;
use AppHttpControllersAdminHomeController;
use AppHttpControllersAdminPostController;

Route::middleware(['auth', 'role:admin'])->prefix('admin')->group(function () {
    Route::get('/', [HomeController::class, 'index'])->name('admin');
    Route::resource('games', PostController::class);
});

    Create a custom middleware

    php artisan make:middleware EnsureUserHasRole

    EnsureUserHasRole.php

    namespace AppHttpMiddleware;

use Closure;
use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;

class EnsureUserHasRole
{
    public function handle(Request $request, Closure $next, $role)
    {
        if (!Auth::check() || !$request->user()->hasRole($role)) {
            return redirect(route('login'));
        }

        return $next($request);
    }
}

    Register the middleware in Http/Kernel.php.

    protected $routeMiddleware = [
    // ...
    'role' => AppHttpMiddlewareEnsureUserHasRole::class,
];
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search