Skip to content

10 Admin middleware

Jump to bottom
Ivan Radunovic edited this page May 9, 2017 · 1 revision

Izvršimo komandu za kreiranje novog middleware-a:

php artisan make:middleware AdminAuthentication

Laravel će kreirati novu klasu i smjestiti je u `app/Http/Middleware/AdminAuthentication.php'.

U sebi ova klada ima samo handle metodu koja služi da bi u njoj ispitali da li korisnik ima određenu rolu, dozvolu i slično.

<?php

namespace App\Http\Middleware;

use Closure;

class AdminAuthentication
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (auth()->guest() || !auth()->user()->hasRole('Administrator')) {
            abort(403);
        }

        return $next($request);
    }
}

Ovaj middleware vrši prvo provjeru da li je korisnik gost ili ako je ulogovan da li ima ulogu Administrator. Ako je neki od ovih upita tačan, Laravel će baciti izuzetak 403. Na ovaj način korisnik će biti spriječen da vidi tu stranicu.

Potrebno je da registrujemo ovaj middleware u fajlu Kernel.php:

    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'admin' => AdminAuthentication::class
    ];

Nakon ovoga rutu admin ćemo zaštiti ovim middleware-om:

Route::get('/admin', 'AdminController@index')->middleware('admin');

Codingo D.O.O. Podgorica 2017.

Clone this wiki locally