Understanding Laravel middleware : admin users

Dec 10, 2019 by Thibault Debatty | 2920 views

Laravel PHP

https://cylab.be/blog/48/understanding-laravel-middleware-admin-users

In Laravel, a Middleware is basically a piece of code that should be executed for every http request. Middlewares are typically used to:

  • filter access to some parts of the website
  • sanitize the input values in all forms

In this blog post we show how to create a middleware to ensure that only administrators can access admin pages of our web application.

Implementing a middleware

You can create your middleware using artisan:

php artisan make:middleware Admin

Your new middleware will be created in app/Http/Middleware. It has only one method handle($request, $next). This is where you should put your code:

<?php

namespace AppHttpMiddleware;

use Closure;
use IlluminateSupportFacadesAuth;

class Admin
{
    /**
     * Handle an incoming request.
     *
     * @param  IlluminateHttpRequest  $request
     * @param  Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::user() && Auth::user()->isAdmin()) {
            return $next($request);
        }

        return abort('403');
    }
}

Registering a middleware

Your middleware will only be executed if it is registered in app/Http/Kernel.php

There are two possibilities here:

  1. middlewares listed in the array $middleware will be executed for all incoming requests. By default you will find here
  • TrimStrings will remove leading and trailing spaces (trim) in all values submitted using a form
  • ConvertEmptyStringsToNull that converts empty strings to null
  1. middlewares listed in $routeMiddleware will be executed only for selected routes. This is where our admin middleware belongs:
protected $routeMiddleware = [
        'admin' => AppHttpMiddlewareAdmin::class,
        ...

Using route middlewares

We can now use our new middleware in routes/web.php:

Route::get('admin/users', function() {})->middleware('admin');

Or in your controllers:

class MyController extends Controller
{

    public function __construct()
    {
        $this->middleware('admin');
    }

This blog post is licensed under CC BY-SA 4.0

Use docker-compose to create a dev environment for Laravel 6, 7 and 8
Setting up a Laravel environment requires to install and configure multiple components: the correct PHP version, of course, but also a database, node server, probably queue worker and scheduler. To get you quickly started, here is how to deploy a dev environment for Laravel with docker compose.
Apr 29, 2024 | 174 views
Fully customizable emails using Laravel 9
With the release of Laravel 9, the Swift Mailer (that is no longer maintained) has been replaced by the Symfony Mailer. You can already find some useful information about this change along all the other ones in the Upgrade Guide from Laravel 8.x to 9.0. However this guide does not contain enough information if you want to send fully customized emails. This blog post proposes you a solution coming directly from the Symfony documentation!
Feb 1, 2023 | 2896 views
Share on Mastodon with shareon.js
With recent events on Twitter, the micro-blogging network Mastodon has gained a lot of interest. Unlike Twitter, Mastodon is free and open-source software. Moreover, Mastodon uses a decentralized approach: the Mastodon network is composed of multiple instances managed by different suppliers, each with its own code of conduct, terms of service, privacy policy, privacy options, and moderation policies. If you want to support the network, here is how you can add 'Share on Mastodon' icons on your website.
Dec 18, 2022 | 1402 views
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept