Wednesday, October 19, 2022

[FIXED] How to make my dashboard accessible only for admin and seller in laravel?

Tags: admin, authentication, laravel, middleware

Issue

DashboardController.php

class DashboardController extends Controller
{
    function __construct()
    {
        $this->middleware('auth');
    }
    // codes.....

}

Initially, I made a middleware so that any authenticated user can access this dashboard.

Goal: I want to make this dashboard available only to admin and seller, so that a normal user cannot access the dashboard route.

How to do that?

Reference table

users table

        Schema::create('users', function (Blueprint $table) {
            $table->id();
            $table->string('name');
            $table->string('email')->unique();
            $table->string('photo')->nullable();
            $table->timestamp('email_verified_at')->nullable();
            $table->string('password');
            $table->longText('cartitems')->nullable();
            $table->longText('wishlist')->nullable();
            $table->unsignedBigInteger('discount')->default(0);
            $table->rememberToken();
            $table->timestamps();
        });

This is the users table.

roles table

        Schema::create('roles', function (Blueprint $table) {
            $table->id();
            $table->string('name');
            $table->string('display_name');
            $table->timestamps();
        });

This is the roles table. Every user has a role such as Superadmin, admin, seller or customer.

role_user table

        Schema::create('role_user', function (Blueprint $table) {
            $table->id();
            $table->unsignedBigInteger('user_id');
            $table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');

            $table->unsignedBigInteger('role_id');
            $table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');

            $table->timestamps();
        });

This pivot table makes a relationship between the users and roles tables.

I HAVE TRIED THESE STEPS

DashboardController.php

function __construct()
{
    $this->middleware('admin');
}

Kernel.php

   'admin' => \App\Http\Middleware\Admin::class,

Admin.php [new middleware]

public function handle($request, Closure $next)
{
    dd(Auth::user());
}

But this Admin.php cannot access the current authenticated user.

It shows null.


Solution

To be able to use auth()->user() in a middleware, you need to load the auth middleware before it. There are several ways to do that, including directly giving the routes a middleware using route groups. Otherwise, Laravel will not recognize that there is a logged-in user.

In case you don't want to do that there is another way that is slightly crude but it does the job equally well since you are writing your own roles logic. You can create a helper function hasRole() that does the same thing and use it in your controllers.

Edit: This is something I did for permissions rather than roles but I think it might help:

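if (!function_exists('hasPermission')) {
    // Returns true only when the logged-in user's role holds the named permission.
    function hasPermission($permissionName)
    {
        // Fail closed: no authenticated user means no permission.
        if (!auth()->check()) {
            return false;
        }

        $user = \App\Admin::where('id', auth()->user()->id)->with('role.permissions')->first();
        $permission = \App\AdminPermissions::where('name', $permissionName)->first();

        // An unknown user, role or permission is treated as "not allowed".
        if (!$user || !$user->role || !$permission) {
            return false;
        }

        // Return a plain boolean so callers can use the result directly in an if().
        return $user->role->permissions->contains($permission);
    }
}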


Answered By - Khaldoun Nd
Answer Checked By - Timothy Miller (PHPFixing Admin)
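
For the roles schema in the question, the check can also live in a parameterized middleware that runs after auth. This is an added example, not code from the question or the answer: the class name EnsureUserHasRole, the 'role' alias, a User::roles() belongsToMany relation over role_user, and the stored role names 'admin' and 'seller' are all assumptions.

```php
<?php
// app/Http/Middleware/EnsureUserHasRole.php (hypothetical file and class name)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnsureUserHasRole
{
    /**
     * Allow the request only if the authenticated user holds one of $roles.
     * Must run after the 'auth' middleware so that $request->user() is populated.
     */
    public function handle(Request $request, Closure $next, string ...$roles)
    {
        $user = $request->user();

        // Fail closed: no user, or no role list configured, means no access.
        if ($user === null || $roles === []) {
            abort(403);
        }

        // Assumes User::roles() is a belongsToMany(Role::class) relation
        // over the role_user pivot table shown in the question.
        $allowed = $user->roles()->whereIn('roles.name', $roles)->exists();

        if (! $allowed) {
            abort(403);
        }

        return $next($request);
    }
}

// Kernel.php, in the same array as the question's 'admin' entry
// (the alias 'role' is an assumption):
//     'role' => \App\Http\Middleware\EnsureUserHasRole::class,
//
// DashboardController::__construct(), with 'auth' listed first so it runs before 'role':
//     $this->middleware(['auth', 'role:admin,seller']);
```

Because the role names are passed as middleware parameters, the same class can guard other routes with a different role list, and a route with no roles listed is denied rather than allowed.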