iftekhs

Ziggy library exposing all routes

Hi, I'm using Laravel and Inertia. In my ziggy.php config file I have added some groups for which specific routes will be exposed.


return [
    'groups' => [

        'superadmin' => ['superadmin.*'],

        'user' => ['user.*'],

        'guest' => [
            'verification.*',
            'register',
            'password.*',
            'login',
        ],
    ],
];

And in my app.blade.php I'm exposing only the group that needs to be exposed:

    @php
        $userRole = Auth::check() ? Auth::user()->role : 'guest';
    @endphp

    @if ($userRole === 'superadmin')
        @routes(['superadmin'])
    @elseif($userRole === 'user')
        @routes(['user'])
    @else
        @routes('guest')
    @endif

This way, when I view the source code in the browser, it doesn't show other routes that are present in a script tag, but there happens to be another script tag where all my routes are still being exposed. I have guarded all my routes anyway, but I also want to make sure that not all users are able to see all the routes.

Probably that is occurring because of HandleInertiaRequest.php, but I have also filtered the routes there like this:

    private function getZiggyRoutes($user)
    {
        if (!$user) {
            return $this->getGroupItems(['guest']);
        }

        if ($user->roleIs('superadmin')) {
            return $this->getGroupItems(['superadmin']);
        }

        if ($user->roleIs('user')) {
            return $this->getGroupItems(['user']);
        }

        return [];
    }

    'ziggy' => fn () => [
        ...(new Ziggy)->filter($this->getZiggyRoutes($user))->toArray(),
        'location' => $request->url(),
    ],

But with this, the issue is that when the user role changes (meaning the user logs in), on the initial redirect to the dashboard the routes passed in seem not to be refreshed, causing issues like user. route is not in the route list.

NOTE: I'm using React on the front-end

0 likes
4 replies
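
A way to check what a rendered page actually exposes in the two places described above (the `@routes` script tag and the `ziggy` prop shared from the Inertia middleware), as an added example that is not part of the original thread. It assumes the page contains an inline `const Ziggy = {...}` script and an Inertia root element with a `data-page` attribute; the HTML sample and the `superadmin.users.index` and `user.dashboard` route names are constructed.

```javascript
// Added example, not code from the thread. Assumes the page contains an inline
// `const Ziggy = {...}` script and an Inertia root element with data-page="...".

// Wildcard match in the style of the ziggy.php groups ('user.*', 'login').
function matchesPattern(name, pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp(`^${escaped}$`).test(name);
}

// Return the JSON object starting at text[start] === '{', ignoring braces in strings.
function sliceJsonObject(text, start) {
  let depth = 0, inString = false;
  for (let i = start; i < text.length; i++) {
    const ch = text[i];
    if (inString) {
      if (ch === '\\') i++;
      else if (ch === '"') inString = false;
    } else if (ch === '"') inString = true;
    else if (ch === '{') depth++;
    else if (ch === '}' && --depth === 0) return text.slice(start, i + 1);
  }
  return null;
}

// Undo the HTML escaping applied to the data-page attribute value.
const decodeEntities = (s) => s.replace(/&quot;/g, '"').replace(/&#0?39;/g, "'")
  .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');

// List, per source, the exposed route names that fall outside allowedPatterns.
function auditExposedRoutes(html, allowedPatterns) {
  const found = {};
  const m = /const\s+Ziggy\s*=\s*\{/.exec(html);
  const json = m && sliceJsonObject(html, m.index + m[0].length - 1);
  if (json) found.routesDirective = Object.keys(JSON.parse(json).routes || {});
  const p = /data-page="([^"]*)"/.exec(html);
  if (p) found.inertiaProps = Object.keys(JSON.parse(decodeEntities(p[1])).props?.ziggy?.routes || {});
  const allowed = (n) => allowedPatterns.some((pt) => matchesPattern(n, pt));
  return Object.fromEntries(Object.entries(found).map(([src, names]) => [src, names.filter((n) => !allowed(n))]));
}

// Constructed sample: a guest page whose @routes output is filtered but whose
// Inertia props still carry routes from the other groups.
const sampleHtml = [
  '<script>const Ziggy = {"url":"http:\\/\\/localhost","routes":{"login":{"uri":"login"},"password.request":{"uri":"forgot-password"}}};</script>',
  '<div id="app" data-page="{&quot;props&quot;:{&quot;ziggy&quot;:{&quot;routes&quot;:{&quot;login&quot;:{},&quot;superadmin.users.index&quot;:{},&quot;user.dashboard&quot;:{}}}}}"></div>',
].join('\n');
const guestGroup = ['verification.*', 'register', 'password.*', 'login'];
console.log(auditExposedRoutes(sampleHtml, guestGroup));
```

Running this against the HTML returned for each role (guest, user, superadmin) shows which of the two sources still carries names outside that role's group.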
iftekhs

@gych Thanks for your response :) I have actually done my implementation by learning from the doc, but the issue I'm facing is in my app.blade.php, meaning the root Blade file. I'm using @routes, which exposes only the routes based on the user role, but when a user logs in and the role changes, app.blade.php doesn't really refresh because it's a SPA application and thus it cannot find the new URLs. For now I'm just using axios for logging in and modifying window.location.href directly to cause a refresh:

    window.location.href = response.data.redirect

iftekhs

@gych Thanks, I have checked and made my conclusion that either I need to filter and hard reload on login, or I think it's just better to not use the Ziggy library at all if exposing routes is a concern. Thank you for your help! :)

1 like
