feat(dashboard): restrict dashboard url to intended role
- add HasRole middleware
parent
2aedc08ad1
commit
1ca9f779c5
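--- /dev/null
+++ b/app/Http/Middleware/HasRole.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Enums\UserTypes;
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+class HasRole
+{
+/**
+* Handle an incoming request.
+*
+* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
+*/
+public function handle(Request $request, Closure $next, string $role): Response
+{
+if($request->user()->role === $role){
+return $next($request);
+}
+else{
+abort('401');
+}
+}
+}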
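Review bot: The deny branch calls `abort('401')`, but a signed-in user with the wrong role is authenticated and simply not authorised, so the status should be 403 and passed as an integer. `handle()` also dereferences `$request->user()` without a null check, so attaching this middleware to a route outside the `auth` group would surface as a 500 instead of a denial; `abort_unless($request->user()?->role === $role, 403);` followed by `return $next($request);` covers both cases and fails closed. If the `role` attribute is cast to the `UserTypes` enum on the model (not visible here), the strict comparison against the string parameter never matches and every request is denied, so compare against `->value` in that case. The `UserTypes` and `Auth` imports are unused in this file.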
@ -1,8 +1,10 @@
|
||||
<?php
|
||||
|
||||
use App\Enums\UserTypes;
|
||||
use App\Http\Controllers\AuthenticatedUserController;
|
||||
use App\Http\Controllers\HomeController;
|
||||
use App\Http\Controllers\RegisteredUserController;
|
||||
use App\Http\Middleware\HasRole;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
Route::get('/', HomeController::class)->name('home');
|
||||
@ -14,7 +16,16 @@
|
||||
|
||||
Route::middleware('auth')->group(function () {
|
||||
Route::delete('/logout', [AuthenticatedUserController::class, 'destroy'])->name('logout');
|
||||
Route::view('/user/dashboard', 'dashboards.user')->name('user.dashboard');
|
||||
Route::view('/broker/dashboard', 'dashboards.broker')->name('broker.dashboard');
|
||||
Route::view('/admin/dashboard', 'dashboards.admin')->name('admin.dashboard');
|
||||
|
||||
Route::view('/user/dashboard', 'dashboards.user')
|
||||
->middleware(HasRole::class.':'.UserTypes::User->value)
|
||||
->name('user.dashboard');
|
||||
|
||||
Route::view('/broker/dashboard', 'dashboards.broker')
|
||||
->middleware(HasRole::class.':'.UserTypes::Broker->value)
|
||||
->name('broker.dashboard');
|
||||
|
||||
Route::view('/admin/dashboard', 'dashboards.admin')
|
||||
->middleware(HasRole::class.':'.UserTypes::Admin->value)
|
||||
->name('admin.dashboard');
|
||||
});
|
||||
|
||||
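Review bot: The role check is attached to each dashboard route individually, so a route added later inside the `auth` group is registered with no role restriction unless its author remembers to repeat the `HasRole::class.':'.…` string. Grouping by role inside the existing `auth` group, for example `Route::middleware(HasRole::class.':'.UserTypes::Admin->value)->group(function () { … });`, makes the restriction the default for everything role-specific. The commit also adds no feature test; one that requests each dashboard as each of the other roles and asserts the denial status would pin the behaviour this change is meant to guarantee.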