Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

aleksov's avatar

Create middleware to auth admin users

I'm new to Laravel but I like it very much... I create simple code that check is user admin or not:

public function index() {

    $checkAuth = \Auth::user()->admin;

    if ($checkAuth == 1) {

        $articles = Auth::user()->articles()->latest()->get();

        return view('articles.index', compact('articles'));
    }
    return 'You are not ADMIN';

}

But as you see I make my ArticleController complicated so I want to create middleware for this? How to create middleware for that and how to call that middleware at controller? Can somebody show me example and help me... Thanks very very much.

0 likes
7 replies
RachidLaasri's avatar
RachidLaasri
10 years ago
Best Answer
Level 41

1- run :

php artisan make:middleware IsAdmin

2- Add it to the routeMiddleware array in your kernel file by opening app/Http/Kernel.php

'admin' => \App\Http\Middleware\IsAdmin::class,

3- Edit isAdmin file:

public function handle($request, Closure $next)
{
     if (Auth::user() &&  Auth::user()->admin == 1) {
            return $next($request);
     }

    return redirect('/');
}

4- Apply the middleware to your route:

Route::get('admin_area', ['middleware' => 'admin', function () {
    //
}]);
59 likes
SteveBelanger's avatar

somewhat like Rachid ... check my ref to documentation at the end : In routes.php:

Route::group(['middleware' => 'isAdmin'], function () {
    Route::get('admin', 'adminController@adminDashboard');
});

In a middleware you create with artisan :

public function handle($request, Closure $next)
{
    // Obtenir la liste des roles de l'utilisateur
    $UserRoles = DB::table('roles')->join('role_user','role_id', '=', 'roles.id')->where('user_id', '=', Auth::user()->id)->lists('name');
    // vérifier si cet utilisateur  a le role d'admin
    $isAdmin = false;
    foreach($UserRoles as $role)
    {
        if($role == 'admin')
        {
            $isAdmin = true;
        }
    }

    // snippet ci-dessous selon doc de Laravel
    if( ! $isAdmin )
    {
        if ($request->ajax()) {
            return response('Unauthorized.', 401);
        } else {
            return redirect()->back(); //todo h peut-etre une fenetre modale pour dire acces refusé ici...
        }
    }

    return $next($request);

in kernel.php :

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'isAdmin' => \App\Http\Middleware\isAdmin::class,];

watch this :

https://laracasts.com/series/laravel-5-fundamentals/episodes/16

and look at this :

https://laracasts.com/discuss/channels/general-discussion/check-if-user-has-admin-role

1 like
RobertoPhilippo's avatar

Use the HomeController is a simple way

public function index() { $userId = \Auth::id();

    $user = User::find($userId);
    
    if($user->admin == 1)
    {
        return view('admin');
    }
    return view('home');
}

just need a table admin and a route and you have seperated users and admin.

mikayilli's avatar

in User model

public function isAdmin()

{

  if($this->status == 'Admin')
   return true;
  else
   return false;

}

create IsAdmin middleware

in middleware

public function handle($request, Closure $next) {

    if( ! $request->user()->isAdmin() )
    {
      return abort(404);
 //or redirect to somewhere
    }

    return $next($request);
}

add IsAdmin middleware class path to kernel too.

1 like
aliawadh980's avatar

4- Or apply it to the controller if that controller is only for admin :).

Pay attention to the double auth here ;)

    public function __construct()
    {
        $this->middleware('auth');
        $this->middleware('admin');
    }

Please or to participate in this conversation.