Hello! Im trying to hide nova completely from the public if they are not authed to view it behind a 404. ive basically managed to do this through returning a 404 in the gate check and that works for logged in users. it just leaves the login pages that you still get redirected to if you are a guest, I have tried to use middleware registered in the nova config file and it works but you'll still get redirected to /login before you get shown the 404.
what would be the best way to either display the 404 before the redirect? or possibly a easer way to hide nova completely?
Thanks!
@makka Have you tried returning a response from the Nova gate check?
Gate::define('viewNova', function ($user) {
return $user->isAdmin() ? Response::allow() : Response::denyAsNotFound();
});
Relevant authorisation docs: https://laravel.com/docs/authorization#customising-gate-response-status
@martinbean Thanks for the input! Currently the gate i have is working as intended for users that are logged in but are not admins, the problem is guests. as a guest if you visit any nova endpoint (say nova/dashboard) you will be redirected to /nova/login
I have tried to overcome this with middleware that checks if a user is a guest and just 404's and it works - kina.
the issue is the middleware is being called after the redirect, so you do get a 404 but on /nova/login rather than say nova/dashboard.
Hope that makes sence!
@martinbean Still having the redirect happen before the gate is hit.
Gate::define('viewNova', function (?USER $user) {
if (is_null($user) || $user->email != '[email protected]') {
abort(404);
} else {
return true;
}
});
Bump
Edit: i just extended "namespace Laravel\Nova\Http\Middleware\Authenticate" to give a 404 and it worked.
Please or to participate in this conversation.