Skip to content
Advertisement

Laravel 8: Custom Middleware Does Not Seem To Be Working

I’m using Laravel 8 for my project and in this project and I have created a custom Middleware called Admin that goes like this:

public function handle(Request $request, Closure $next)
{
    if (Auth::check()) {
        if (Auth::user()->isAdmin()) {
            return $next($request);
        }
    }

    return redirect('/');
}

And I tried applying it like this:

Route::group(['middleware' => 'admin'], function() {
    Route::resource('admin/users', AppHttpControllersAdminAdminUserController::class);
});

And on Kernel.php:

'admin' => AppHttpMiddlewareAdmin::class

So I called the isAdmin() at User Model which simply checks if the role of the user is correct or not:

public function roles()
{
    return $this->belongsToMany(Role::class);
}

public function isAdmin()
{
    foreach ($this->roles as $role) {
        if ($role->name == 'Manual User') {
            return true;
        }
    }

    return false;
}

Currently, I have these two roles:

enter image description here

And the user, that I want to log in, is set to 6 and has the role id of 1 which Manual User:

enter image description here

But now the problem is, when I go to /admin/users uri, it does not redirect me to ('/') uri and shows me /admin/users page!

So what is going wrong here? How can I fix this issue?

Note that the relationship between roles and users which is Many To Many works fine and there is no need to mention them.

Advertisement

Answer

I tried this locally with a very similar setup and had no problem. I took the liberty of changing/simplifying some things.

These are the steps I took.

1. Middleware

1.1. Create Admin middleware.

Done by running the php artisan make:middleware Admin command.

1.2. Fill out the middleware.

<?php

namespace AppHttpMiddleware;

use Closure;
use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;

class Admin
{
    /**
     * Passes if authenticated user is an admin.
     *
     * @see AppModelsUser::isAdmin()
     */
    public function handle(Request $request, Closure $next)
    {
        if (Auth::user()->isAdmin()) {
            return $next($request);
        }

        return redirect('/');
    }
}

Here is my first change: I don’t do the Auth::check(). There’s another middleware for that.

1.3 Add new entry to $middlewareGroups in AppHttpKernel.php.

    protected $middlewareGroups = [
        'web' => [...],

        'api' => [...],

        // check if user is authenticated, then check if it's an admin
        'admin' => [
            'auth',
            AppHttpMiddlewareAdmin::class
        ],
    ];

    protected $routeMiddleware = [
        'auth' => AppHttpMiddlewareAuthenticate::class,
        ...
    ];

2. Route

Add a route that uses the middleware created above.

Route::middleware('admin')->group(function () {
    Route::get('test', function () { return "User is authenticated and is an admin."; });
});

Also, optionally you could simplify your isAdmin() method.

public function isAdmin()
{
    return $this->roles->contains('name', 'Manual User');
}

This, for me, had the desired results. Are you sure you edited your AppHttpKernel.php file correctly?

User contributions licensed under: CC BY-SA
2 People found this is helpful
Advertisement