Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi all,
I am new to Laravel and trying to do the following: My application has users that have a level. (e.g. Student, Teacher and Admin) This level is stored as a property on the user model. Now I want to have a route like this: /schools
How do I manage to point routes (almost all) like /schools to those different controllers depending on the user level? Is there a solution offered by Laravel? I read something about route groups, but I am not sure on how to use them.
Thank you very much.
You should read the documentation about Gates (Authorization): https://laravel.com/docs/5.2/authorization Middleware: https://laravel.com/docs/5.2/middleware for restrictions.
For the different Controllers for routes you can define Route groups: https://laravel.com/docs/5.2/routing#route-groups
Now I have the following:
Route::group(['namespace' => 'Student', 'middleware' => ['Student']], function() { Route::resource('schools', 'SchoolController'); });
Route::group(['namespace' => 'Admin', 'middleware' => ['Admin']], function() { Route::resource('schools', 'SchoolController'); });
Student and Admin are middlewares that succeed if the use is a student or an admin.
How can I make sure, that only the route for the specific user level is used?
Right now, an admin user is always rejected, because it does not match the student middleware.
Could you please help me?
Thanky you!
You can only define one Route resource/name/... with the same url. Routes are listes from top to bottom and if an url matches, the older value gets overwritten.
If you want to look up all of your application's routes, you can do following CLI command:
php artisan route:list
If you really want to have the same base-url (hostname.app/school/{school-id}) and return data based on the user's rights, you need to write that logic in one SchoolController.
I don't know if middleware is needed in this case, some simple php-logic should do the trick, e.g.
// student or teacher hits following link:
// hostname.app/school/abc-school
// or by id...
// hostname.app/school/1337
// -> SchoolController handles the request,
// e.g. here to access the main page of the school or something like that:
public function show($id)
{
// retrieve the model by it's id
$school = School::firstOrFail($id);
// now you can decide how you want to determine access...
// user->isAdmin() as a custom user method...
if ( Auth::user()->isAdmin() )
{
// ... return the view or just the data...
}
// some custom method on the user model or vice versa...
if ( Auth::user()->isMemberOfSchool($school) )
{
// ... return the view or just the data...
}
if ( $school->hasStudent(Auth::user()) )
{
// ... return the view or just the data...
}
// ....
// if no access is possible, do some silent redirects to the home page...
return redirect('/');
// ... or return an "access not granted" error.
return view('errors.403');
}
That's how I would do it, but thats just one way.
To help you achieve what you want: Can you provide an exact example on how you would like to access the schools, etc?
Please or to participate in this conversation.