cosmin_paunica's avatar

Filament: redirect unauthenticated and non-admin users from /admin to a certain other route

Hello! I'm trying to add Filament to my app and I would like it to behave like this:

When an unauthenticated user goes to /admin, they should be redirected to /login (the one defined by me, not /admin/login, which is defined by Filament)

When an authenticated user who isn't an admin goes to /admin, they should be redirected to /home

What I'm trying to accomplish is to completely hide the /admin route from users who do not have access to it.

Also I would prefer to not have to change anything in the vendor directory, so that I don't have to make the changes every time I run composer install.

I've searched how to do this for a few hours now, but found nothing. Is there a way that I can do this? Thank you!

0 likes
6 replies
LaryAI's avatar
Level 58

You can accomplish this by creating a middleware that checks if the user is authenticated and has the correct role. If they don't, you can redirect them to the appropriate route.

First, create a middleware that checks if the user is authenticated and has the correct role:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class AdminMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::check() && Auth::user()->hasRole('admin')) {
            return $next($request);
        }

        return redirect('/home');
    }
}

Then, register the middleware in your app/Http/Kernel.php file:

protected $routeMiddleware = [
    // ...
    'admin' => \App\Http\Middleware\AdminMiddleware::class,
];

Finally, add the middleware to the /admin route in your routes/web.php file:

Route::get('/admin', 'AdminController@index')->middleware('admin');

Now, when an unauthenticated user or a user without the correct role tries to access the /admin route, they will be redirected to /home.

1 like
cosmin_paunica's avatar

@LaryAI Thank you for the reply, but the problem is that the /admin route is not defined by me. Instead, it is defined by Filament in the vendor directory, so I can't add the middleware there.

Ayzerobug's avatar

To redirect unauthenticated and unauthorized users from the admin route to a certain other route, you can create a custom middleware for FilamentPHP. Here's how you can do it:

     php artisan make:middleware RedirectIfNotFilamentAdmin

Now customize your new middleware to extend the Laravel Illuminate authentication middleware:

    use Filament\Facades\Filament;
    use Filament\Models\Contracts\FilamentUser;
    use Illuminate\Database\Eloquent\Model;
    use Illuminate\Auth\Middleware\Authenticate as Middleware;

    class RedirectIfNotFilamentAdmin extends Middleware
    {

        /**
         * @param  array<string>  $guards
         */
        protected function authenticate($request, array $guards)
        {
            $auth = Filament::auth();

            if (!$auth->check()) {
                $this->unauthenticated($request, $guards);

                return;
            }

            $this->auth->shouldUse(Filament::getAuthGuard());

            /** @var Model $user */
            $user = $auth->user();

            $panel = Filament::getCurrentPanel();

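            if ($user instanceof FilamentUser) {
                if (!$user->canAccessPanel($panel) && config('app.env') !== 'local') {
                    // handle() discards the return value of authenticate(), so a
                    // returned redirect would let the request through to the panel.
                    // abort() with a response throws HttpResponseException instead.
                    abort(redirect()->route('user.home'));
                }
            }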
        }

        protected function redirectTo($request): ?string
        {
            return Filament::getLoginUrl();
        }
    }

After creating your custom middleware, register it in your filament AdminPanelServiceProvider. Change the middleware in the authMiddleware chained to the panel:

    ...->authMiddleware([
        Authenticate::class,
    ]);

to:

    use App\Http\Middleware\RedirectIfNotFilamentAdmin;

    ...->authMiddleware([
        RedirectIfNotFilamentAdmin::class,
    ]);

With these steps, unauthenticated or non-admin users will be redirected to the specified route when they try to access the admin panel in FilamentPHP. In my case I'm using Filament 3.

5 likes
Intr0spect1ve's avatar

@Ayzerobug This was exactly what I needed, thanks!

I tweaked the middleware a little to fit my needs:

<?php

namespace App\Http\Middleware;

use Filament\Facades\Filament;
use Filament\Models\Contracts\FilamentUser;
use Illuminate\Auth\Middleware\Authenticate as Middleware;
use Session;

class RedirectIfNotFilamentAdmin extends Middleware
{
    protected function authenticate($request, array $guards): void
    {
        $auth = Filament::auth();
        $user = $auth->user();
        $panel = Filament::getCurrentPanel();

        if (!($auth->check()
            && $user instanceof FilamentUser
            && $user->canAccessPanel($panel))) {
            Session::flush();
            $this->unauthenticated($request, $guards);
        }
    }

    protected function redirectTo($request): ?string
    {
        return Filament::getLoginUrl();
    }
}

I'm using two panels (the Filament 3 way). So now the user session is erased when a non-admin user goes to the admin panel, and if so, the user can immediately try to login to the admin panel.

3 likes
wangxianzhe015's avatar

This must help you.

<?php
 
namespace App\Models;
 
use Filament\Models\Contracts\FilamentUser;
use Filament\Panel;
use Illuminate\Foundation\Auth\User as Authenticatable;
 
class User extends Authenticatable implements FilamentUser
{
    // ...
 
    public function canAccessPanel(Panel $panel): bool
    {
        if ($panel->getId() === 'admin') {
            return str_ends_with($this->email, '@yourdomain.com') && $this->hasVerifiedEmail();
        }
 
        return true;
    }
}
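
An added example, not code from any poster in this thread: a Laravel feature test that pins down the outcomes the original question asks for, and that fails if the middleware lets a non-admin request fall through to the panel. It assumes the `canAccessPanel()` rule shown above (a verified `@yourdomain.com` address), the default `User` factory, a panel at `/admin`, application routes `/login` and `/home`, and a `redirectTo()` that returns `/login`; the class and method names are hypothetical.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

// Hypothetical test class; the e-mail addresses below are constructed sample data.
class AdminPanelAccessTest extends TestCase
{
    use RefreshDatabase;

    public function test_guest_is_sent_to_the_application_login(): void
    {
        // Passes only when redirectTo() returns '/login' rather than
        // Filament::getLoginUrl(), which points at /admin/login.
        $this->get('/admin')->assertRedirect('/login');
    }

    public function test_non_admin_is_redirected_home(): void
    {
        $user = User::factory()->create(['email' => 'user@example.com']);

        // A 200 here means the middleware failed open, for example because
        // a redirect was returned from authenticate() and then discarded.
        $this->actingAs($user)->get('/admin')->assertRedirect('/home');
    }

    public function test_unverified_address_on_admin_domain_is_refused(): void
    {
        // Matches the domain but not hasVerifiedEmail(), so access is denied.
        $user = User::factory()->unverified()->create(['email' => 'new@yourdomain.com']);

        $this->actingAs($user)->get('/admin')->assertRedirect('/home');
    }

    public function test_verified_admin_reaches_the_panel(): void
    {
        // The default factory sets email_verified_at, so this user is verified.
        $admin = User::factory()->create(['email' => 'admin@yourdomain.com']);

        $this->actingAs($admin)->get('/admin')->assertOk();
    }
}
```

Run it with `php artisan test --filter=AdminPanelAccessTest`; tests execute in the `testing` environment, so the `config('app.env') !== 'local'` condition in the middleware above does not bypass the check.
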
echo_'s avatar

Hello, I'm kinda having a similar issue. I'm using Filament as the admin side for my project, but when a non-admin user is logged in on the website and I log in on the admin panel with an admin user, the admin user session takes over the non-admin user's one. So when I go on the website, I see the admin user logged in instead of the non-admin user.
