Hello
Trying create Simple user roles middleware
in Role model
protected $table = 'roles';
public function users()
{
return $this->hasMany(User::class);
}
in User Model
public function role()
{
return $this->belongsTo(Role::class);
}
User DB I have role_id
And Role DB looks like:
Schema::create('roles', function (Blueprint $table) {
$table->id();
$table->string('name');
$table->string('description');
$table->timestamps();
});
Using Middleware CheckRole
Kernel.php
'roles' => \App\Http\Middleware\CheckRole::class,
Middleware CheckRole
public function handle(Request $request, Closure $next, $roles)
{
if(auth()->check() && $request->user()->role->name == $roles)
{
return $next($request);
}
return redirect()->route('login');
}
route
Route::middleware(['auth', 'roles:Administrator'])->group(function(){
Route::get('/admin/posts', [App\Http\Controllers\PostController::class, 'index'])->name('post.index');
});
Using this code, restriction works, user must have Administrator role to access route.
But I have 2 questions
Q1.
I want use several roles
Route::middleware(['auth', 'roles:Administrator,Editor'])
in Middleware CheckRole add check for array but something not working
public function handle(Request $request, Closure $next, $roles)
{
if(is_array($roles)){
foreach($roles as $role){
if($request->user()->role->name == $role) {
return $next($request);
}
}
}
if(auth()->check() && $request->user()->role->name == $roles)
{
return $next($request);
}
return redirect()->route('login');
}
Q2.
is anything I need add in middleware for more security ?
