
theUnforgiven's avatar

Using custom middleware but using the auth

I have a column in the users table called is_admin and if that's set to 1 then that user is a super admin, otherwise all other users are members.

My question is how can I use the built-in auth but register new middleware to reflect the above. This way I don't have to do if/else statements everywhere as I want to have the same admin theme throughout. What would be the best approach to this?

Many thanks in advance :)

0 likes
5 replies
WebKenth's avatar

Create a new middleware ChecksAdminPrivileges and add it to a middleware group with the Auth middleware running first

In the middleware you simply write the logic you want, and voilà, now it checks with every request if you are an admin, do this otherwise do that

Inside the ChecksAdminPrivileges it could go something like this:

$user = $request->user();

if ($user->is_admin != 1) {
    // logic to go to non admin places
    return redirect('/');
}

return $next($request);

That will take care of your controller Admin logic, but for view-specific parts you can simply load an admin partial in your layout file only if the user is an admin

i.e. You need to show some links in the navigation to your admin that you don't want other users to see

So separate your navigation blade files. Maybe nav.blade.php and admin-nav.blade.php

In your layout file only include the admin-nav if the user has the is-admin attribute

Connor-S-Parks's avatar

First of all, I want to preface this with the fact that I think you really should look into the built-in authorisation gate system that Laravel provides (see here)

If you really want to go this specific route then you're going to want to:

  1. Create the middleware (I've named it AuthorizeAdministrator but this is completely up to you)
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Support\Facades\Auth;

class AuthorizeAdministrator
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     *
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (! Auth::user()->is_admin) {
            throw new AuthorizationException;
        }

        return $next($request);
    }
}
  2. Register this middleware in App\Http\Kernel::$routeMiddleware:
protected $routeMiddleware = [
    // ...

    'admin' => \App\Http\Middleware\AuthorizeAdministrator::class,

    // ...
];
  3. Utilise it as a middleware parameter on your routes:
// 'auth' runs before 'admin' so Auth::user() is never null inside the middleware
$router->group(['middleware' => ['auth', 'admin']], function (Registrar $router) {
    // ...
});
1 like
theUnforgiven's avatar

Thanks both for your comments, will try that or furthermore go with gates.

martinbean's avatar

@theUnforgiven I have a similar middleware. I check an attribute on the User model, and then send the appropriate HTTP response if the user’s not an administrator:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Auth\Access\AuthorizationException;

class VerifyUserIsAdministrator
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function handle($request, Closure $next)
    {
        if ($request->user()->isAdministrator()) {
            return $next($request);
        }

        throw new AuthorizationException;
    }
}
1 like
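
An added example, not code from any reply in this thread: a feature test for the gate-based route mentioned above, checking that guests, members and admins each get the right response. It assumes Laravel 8+ with the default App\Models\User factory; the gate name `admin` and the `/admin-probe` URI are made up for the test.

```php
<?php
// Added example, not code from the thread. Assumes Laravel 8+ with the default
// App\Models\User factory and the is_admin column from the question.
// The gate name 'admin' and the /admin-probe URI are made up for this test.

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class AdminAccessTest extends TestCase
{
    protected function setUp(): void
    {
        parent::setUp();

        // Gate callbacks are skipped for guests (they are denied outright),
        // so $user is never null here. In a real app this line would live in
        // AuthServiceProvider::boot().
        Gate::define('admin', fn (User $user) => (bool) $user->is_admin);

        // 'auth' runs first and rejects guests; 'can:admin' then answers 403
        // to signed-in users who fail the gate.
        Route::middleware(['web', 'auth', 'can:admin'])
            ->get('/admin-probe', fn () => 'ok');
    }

    public function test_guest_is_rejected_before_the_admin_check(): void
    {
        // A JSON request gets a 401 instead of a redirect to the login page.
        $this->getJson('/admin-probe')->assertUnauthorized();
    }

    public function test_member_is_forbidden(): void
    {
        // make() builds the model in memory, so no database is needed.
        $member = User::factory()->make(['is_admin' => 0]);

        $this->actingAs($member)->get('/admin-probe')->assertForbidden();
    }

    public function test_admin_is_allowed(): void
    {
        $admin = User::factory()->make(['is_admin' => 1]);

        $this->actingAs($admin)->get('/admin-probe')->assertOk();
    }
}
```

The same three tests apply unchanged to a custom middleware alias: swap `can:admin` for the alias and drop the `Gate::define` line.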
