Level 104
Is the guest middleware also being applied on the Route definition; or only in the Controller's constructor?
Oct 7, 2024
8
Level 5
Do not redirect to home if admin user is logged in and goes to register
Hello,
I would like to give admin users the option to register new customers.
When an admin user goes to register from the admin side, it redirects to the home page.
I tried to avoid this by setting a session key and if this key exists not to call middleware('guest') but it does not see that the session key was set.
My code:
CustomerController:
public function create()
{
session()->put([
'create_customer' => true,
]);
if (session()->has('create_customer'))
Log::debug('in customer component, session set'); //I see this in the log file
else
Log::debug('in customer component, session NOT set');
return to_route('register');
}
RegisterController:
public function __construct()
{
if (session()->has('create_customer')) {
Log::debug('session set');
} else {
Log::debug('session Not set'); //I see this in the log file
$this->middleware('guest');
}
}
I also tried this code in the register controller:
public function __construct()
{
if (auth()->check() && auth()->user()->hasRole('Admin')) {
Log::debug('session set');
} else {
Log::debug('session Not set');
$this->middleware('guest');
}
Still being redirected to home.
Any suggestions please?
Level 5
Level 104
@SigalZ no, that looks like the old Laravel UI auth scaffolding; so the middleware is not applied on the Route definition. What Laravel version is your project?
The problem will most probably be you are relying on the Session in the Controller constructor - they are actually evaluated before the Session is started.
Level 5
@tykus Laravel 10
Level 104
@SigalZ if this is Laravel UI authentication package, then all of the routes and controllers are yours to modify.
There are any number of ways you can tackle the problem. For example, the easiest would be simply removing the $this->middleware('guest') line from the RegisterController completely. It doesn't matter if the user is authenticated or not.
If an authenticated user must be an admin role, then you could create a custom GuestOrAdmin middleware and apply that instead, e.g.
$isAdmin = auth()->user() && auth()->user()->hasRole('Admin');
$isGuest = auth()->guest();
if ($isAdmin || $isGuest) {
$next($request);
}
throw new AuthorizationException('You are not allowed to do that!');
1 like
Level 5
@tykus Awesome, thank you, I'll use the middleware solution.
Level 122
You don't need to register to create a new user
Your admin can just CRUD a new user like any other model. No need to trick the register route.
1 like
Level 5
@Snapey I have my reasons why I want to use the register. Thanks.
Please or to participate in this conversation.