Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mbo's avatar
mbo
OP
2 years ago
Level 3

Middle ware issue

I have a issue with my middleware:

I have done the following:

Searchrequests.store and create must be public available.

The rest is only available for the the superdamin.

Create works but store does not. Middleware kicks in. Any idea what is causing this?

thanks in advance!

<?php

use App\Http\Controllers;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

Route::get('xxx-xxx', [Controllers\SearchrequestController::class, 'create']);
Route::post('searchrequests.store', [Controllers\SearchrequestController::class, 'store']);



/*
|--------------------------------------------------------------------------
| Super Admin
|--------------------------------------------------------------------------
*/

Route::group(['middleware' => ['roles'], 'roles' => ['Superadmin']], function () {
  
    Route::post('/searchrequests/sendsearchrequest', [Controllers\SearchrequestController::class, 'sendsearchrequest'])->name('searchrequests.sendsearchrequest');
    Route::post('/searchrequests/sendsmessage', [Controllers\SearchrequestController::class, 'sendmessage'])->name('searchrequests.sendmessage');
    Route::resource('my-account/searchrequests', Controllers\SearchrequestController::class);

});
0 likes
2 replies
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

It sounds like you're working with a Laravel application and you're trying to set up middleware to control access to certain routes. To ensure that the store method of your Searchrequests controller is publicly available while other methods are restricted to the super admin, you'll need to adjust your route definitions and middleware accordingly.

Here's a step-by-step solution to ensure that your store and create methods are publicly accessible:

  1. Define your routes in routes/web.php (or the appropriate routes file for your application) and apply middleware to the group of routes that require super admin access. Exclude the create and store methods from this group.
// Publicly accessible routes
Route::get('/searchrequests/create', 'SearchrequestsController@create')->name('searchrequests.create');
Route::post('/searchrequests', 'SearchrequestsController@store')->name('searchrequests.store');

// Routes that require super admin access
Route::middleware(['superadmin'])->group(function () {
    // Assuming you have other methods like index, edit, update, destroy, etc.
    Route::get('/searchrequests', 'SearchrequestsController@index')->name('searchrequests.index');
    Route::get('/searchrequests/{searchrequest}/edit', 'SearchrequestsController@edit')->name('searchrequests.edit');
    Route::put('/searchrequests/{searchrequest}', 'SearchrequestsController@update')->name('searchrequests.update');
    Route::delete('/searchrequests/{searchrequest}', 'SearchrequestsController@destroy')->name('searchrequests.destroy');
    // ... other routes that require super admin access
});
  1. Create the superadmin middleware if it doesn't already exist. You can generate a new middleware using the Artisan command:
php artisan make:middleware SuperAdminMiddleware
  1. In the generated middleware (app/Http/Middleware/SuperAdminMiddleware.php), implement your super admin check logic. For example:
public function handle($request, Closure $next)
{
    // Replace this with your actual super admin check logic
    if (!auth()->user() || !auth()->user()->isSuperAdmin()) {
        // If the user is not a super admin, redirect or return an error
        return redirect('home')->with('error', 'You do not have access to this resource.');
    }

    return $next($request);
}
  1. Register your new middleware in app/Http/Kernel.php by adding it to the $routeMiddleware array:
protected $routeMiddleware = [
    // ... other middleware
    'superadmin' => \App\Http\Middleware\SuperAdminMiddleware::class,
];

With these changes, your create and store methods should be publicly accessible, while the other methods are protected by the superadmin middleware. Make sure that your middleware logic correctly identifies super admin users and that you've registered the middleware correctly in the kernel.

If you're still facing issues, double-check your route definitions and middleware registration. Also, ensure that there are no conflicting route definitions or middleware applied at a higher level (such as in a service provider or in the __construct method of your controller) that might be affecting the store method.

Snapey's avatar

'searchrequests.store' is not valid for a URL

Its ok for a route name but not a URL. Perhaps you could use 'searchrequests/store'

Please or to participate in this conversation.