
ellenbrook's avatar

Multiple log ins and user roles question

I guess this is a general question but if I have the code from the user roles video from Laracasts I have this filter:

Route::filter('role', function($route, $request, $role)
{
    if (Auth::guest() or ! Auth::user()->hasRole($role))
    {
        //redirect to admin/login
    }
});

This filters if a user is a guest or if they're not authorized with the correct role, yes? Let's say that filter is in place for the general site log in. However, if I have an administrative area that I'd like to have its own log in, for example site.com/admin (which would check for the correct role and then forward to a log in controller), that works but it is hacky. The reason I say that is because a standard, or non-admin, user can log in under that same log in, which then redirects them to site.com/admin -> site.com/admin/login and creates a redirect loop. Is there a second filter that I can put in place or maybe a simple if statement to check for this and then redirect non-admin users to a different area? For some reason my mind can't wrap itself around the logic and before I get home I'd like to have a basic understanding of what I need to do before I try it. Any advice?

Also I know things like Sentry and Entrust exist but quite frankly I'm really new and want to get the basics down before I start using other people's packages and code.

jasd's avatar

What if you send them somewhere else if they aren't authorized but authenticated? Give them a 403 response code.

ellenbrook's avatar

@jasd,

So if I have the following filter in place on my admin controller(s)

class AdminController extends \BaseController {
    public function __construct()
    {
        // run the 'role' filter with parameter 'Owner' on every action except doLogin
        $this->beforeFilter('role:Owner', array('except' => array('doLogin')));
    }
}

and this filter

Route::filter('role', function($route, $request, $role)
{
    if (Auth::guest() || ! Auth::user()->hasRole($role))
    {
        return Redirect::to('/admin/login');
    }
});

I am not quite understanding how I can accomplish that? My mind says to check if the logged in user is an admin or not and then act accordingly but I do that above? Would I just change it to:

Route::filter('role', function($route, $request, $role)
{
    if (Auth::guest() || ! Auth::user()->hasRole($role))
    {
        return Redirect::to('/admin/login');
    }

    //send elsewhere code here
});

If that's the case then I am definitely surprised.

unitedworx's avatar

Just add a condition in your authentication filter to exclude the login page.

Here is what I do:


Route::filter('auth.admin.filter', function()
{
    if ( (Auth::guest()) && (!(Request::is('admin/login'))) )
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('admin/login');
        }
    }
});

//attach my admin filter in all routes starting with admin
Route::when('admin/*', 'auth.admin.filter');
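The redirect loop and the 403 suggestion from this thread, as an added example that is not part of any post: a plain-PHP model (no Laravel) that follows redirects from /admin under the posted filter and under a split guest/role check. The function names, the sample users and the assumption that the login page forwards an already logged-in user to /admin are constructed for illustration.

```php
<?php
// Constructed model, plain PHP. Assumption: the login page forwards an
// already logged-in user on to /admin.
const LOGIN = '/admin/login';

// Filter as posted in the thread: every failure redirects to the login page.
function originalFilter($user, $role)
{
    $ok = $user !== null && in_array($role, $user['roles'], true);
    return $ok ? array(200, null) : array(302, LOGIN);
}

// Split checks: guests go to the login page (401 for AJAX); a logged-in user
// without the role gets 403 and is never redirected.
function splitFilter($user, $role, $isAjax = false)
{
    if ($user === null) {
        return $isAjax ? array(401, null) : array(302, LOGIN);
    }
    return in_array($role, $user['roles'], true) ? array(200, null) : array(403, null);
}

// Follow redirects from /admin and return the trail of "path => status".
function walk($filter, $user, $role, $maxHops = 6)
{
    $path = '/admin';
    $trail = array();
    for ($hop = 0; $hop < $maxHops; $hop++) {
        if ($path === LOGIN) { // the login page itself is excluded from the filter
            $result = $user === null ? array(200, null) : array(302, '/admin');
        } else {
            $result = $filter($user, $role);
        }
        $trail[] = "$path => {$result[0]}";
        if ($result[0] !== 302) {
            return $trail;
        }
        $path = $result[1];
    }
    $trail[] = 'gave up: redirect loop';
    return $trail;
}

$member = array('roles' => array('Member')); // constructed sample users
$owner = array('roles' => array('Owner'));
foreach (array('originalFilter', 'splitFilter') as $filter) {
    foreach (array('guest' => null, 'member' => $member, 'owner' => $owner) as $who => $user) {
        echo "$filter / $who: " . implode(', ', walk($filter, $user, 'Owner')) . "\n";
    }
}
```

In a Laravel 4 filter the 403 branch corresponds to calling `App::abort(403)` for an authenticated user who fails `hasRole($role)`, while guests keep the `Redirect::guest('admin/login')` path.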
