
saurav77

How to give access in the API to a user whose role name is SUB-ADMIN?

This is my UserController.php. I am using Laravel Passport for API authentication.

    public function login(Request $request){
        $request->validate([
            'email'=>'required|email',
            'password'=>'required',
        ]);
        $credentials=$request->only(['email','password']);
        if(Auth::attempt($credentials)){
            $success['token']=Auth::user()->createToken('MyApp')->accessToken;
            return response()->json([Auth::user(),'success'=>$success],200);
        }else{
            return response()->json(['error'=>'Not Found'],401);
        }
    }

This is my routes/api.php

Route::post('/user-login','UserController@login');

And I checked this URL in Postman and the result came like this

http://127.0.0.1:8000/api/user-login

{
    "user": {
        "id": 1,
        "name": "Admin User",
        "email": "[email protected]",
        "phone": "982356222",
        "roles": [
            {
                "id": 1,
                "name": "Sub-Admin",
                "created_at": "2020-10-14 15:29:36",
                "updated_at": "2020-10-14 15:29:36",
                
            }
        ],
        
    },
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiIxIiwianRpIjoiYjY3MTE3ZjMxZmEzN2RhMGIyZGEzMmM0NDEzMDA2MDFkMTVhM2Y0ODdhNzFmNWIyMDcxNGZmNWY4M2MzYTVlNTFiNjQyMmJjODlmMzExOGIiLCJpYXQiOjE2MDU3MDQ3NDgsIm5iZiI6MTYwNTcwNDc0OCwiZXhwIjoxNjM3MjQwNzQ4LCJzdWIiOiIxIiwic2NvcGVzIjpbXX0.KunRT2KA8hI7c2lJW7e0nvJnWirgBrNgFAAyQq-PG6znHLS14-gcP-2rXWOfuGreW6N2yBxfu6AOg2BYOHNOg54qmXNJ6_fJRrOUpAjgCxEN60X8x_7lE2Gu0xXYhw0Oc5jCeCgtLdeh9DlHFIh2Wdhnd9lU4FMLcQl3q0TZt0Yf7FpQtv2-q2izOQlxV9QWO5R6mzlmg5feaqTUpx4repb2JpaCMAF47ZBn6ZYPDNcJTQJ6OdU5bzc3GWF3V97qJFS9OabMvA8bUmY8opirIAPb2Lqd9zmP06YMHOP0oT_qr0duQIWnCPQp3bGSf9lUlF0tKil3NR8YZtOhkjr9W6uQoe5n5AsZLJrfdeRbgwPsANink8NdWzfvHkBhmCEKJyiwUFQhTQAgrwc_uflv6XbJsIzVzsxihjIdl4b9Y-hmA-PnXzb108aeKH0Ja5DlP55Zk6AB3kiWx-Zf39aSvi0lQJDN6u2YuNhRnXdceFIzyGM2iV0fGqRqPKeA0FyUo4wBD3cX5_HlLHk7FPyltqWkMvoozc-JP8lmdROJypoPCDo0tOQHiD9pbnRu4hJnhoomQr0YZ5t9Z7AXtErEHRatshST5McSin8tGmYdTG4hxOY2yUZl7NTyloUVb_1vpDqh214hXm8KtykhlD-N98fX3XWjfZIXDBeD7qOeGdM"
}

But I want to give access to the user whose role name is Sub-Admin. If the user's role has the name Administrator or anything else, then give the message Invalid Login Credentials.

0 likes
3 replies
saurav77

I solved like this

    public function login(Request $request){
        $request->validate([
            'email'=>'required|email',
            'password'=>'required',
        ]);
        $credentials=$request->only(['email','password']);
        if(Auth::attempt($credentials)){
            if(Auth::user()->roles[0]['name']=="Sub-Admin"){
                $success['token']=Auth::user()->createToken('MyApp')->accessToken;
                return response()->json([Auth::user(),'success'=>$success],200);
            }else{
                return response()->json(['error'=>'Access Denied'],401);
            }
        }else{
            return response()->json(['error'=>'Not Found'],401);
        }
    }

automica
Best Answer
Level 54

@saurav77 just for reference, you can get rid of your else statements as you are returning.

eg

public function login(Request $request)
{
    $request->validate([
        'email' => 'required|email',
        'password' => 'required',
    ]);
    $credentials = $request->only(['email', 'password']);
    if (Auth::attempt($credentials)) {
        if (Auth::user()->roles[0]['name'] == "Sub-Admin") {
            $success['token'] = Auth::user()->createToken('MyApp')->accessToken;
            
            return response()->json([Auth::user(), 'success' => $success], 200);
        }
        return response()->json(['error' => 'Access Denied'], 401);

    }
    return response()->json(['error' => 'Not Found'], 401);
}
1 like
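
Added example, not part of the thread or any poster's code: the `roles[0]` check above only looks at the first role, so it refuses a user whose Sub-Admin role is listed second and has nothing to index when a user has no roles. This plain-PHP sketch checks every role and returns the single "Invalid Login Credentials" message the question asks for; the user records, passwords and the `hasRole`/`login`/`sampleUsers` helpers are constructed for illustration, and the token line is a stand-in for Passport's `createToken`.

```php
<?php
declare(strict_types=1);

const REQUIRED_ROLE = 'Sub-Admin';

// Constructed sample users; 'roles' is shaped like the JSON in the question.
function sampleUsers(): array
{
    $hash = password_hash('secret', PASSWORD_DEFAULT);
    return [
        'multi@example.test' => ['id' => 1, 'hash' => $hash,
            'roles' => [['id' => 2, 'name' => 'Editor'], ['id' => 1, 'name' => 'Sub-Admin']]],
        'admin@example.test' => ['id' => 2, 'hash' => $hash,
            'roles' => [['id' => 3, 'name' => 'Administrator']]],
        'norole@example.test' => ['id' => 3, 'hash' => $hash, 'roles' => []],
    ];
}

// True if any of the user's roles matches, not only roles[0]. Strict comparison.
// Assumed Laravel equivalent when roles is an Eloquent relation:
//   Auth::user()->roles->contains('name', REQUIRED_ROLE)
function hasRole(array $user, string $role): bool
{
    return in_array($role, array_column($user['roles'], 'name'), true);
}

// Returns [HTTP status, body]. The token is created only after the role check passes.
function login(array $users, string $email, string $password): array
{
    $denied = [401, ['error' => 'Invalid Login Credentials']];
    $user = $users[$email] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return $denied;
    }
    if (!hasRole($user, REQUIRED_ROLE)) {
        return $denied; // same message for every refusal, as the question asks
    }
    // Stand-in for Auth::user()->createToken('MyApp')->accessToken
    return [200, ['user_id' => $user['id'], 'token' => bin2hex(random_bytes(16))]];
}

$users = sampleUsers();
foreach (array_keys($users) as $email) {
    [$status, $body] = login($users, $email, 'secret');
    printf("%-20s %d %s\n", $email, $status, $body['error'] ?? 'token issued');
}
[$status] = login($users, 'multi@example.test', 'wrong');
printf("%-20s %d\n", 'wrong password', $status);
```

Run it with `php` on the command line; only the multi-role user with the correct password gets a token, and every other case gets the same 401 body.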
