Problems with two middlewares and abort 401

1

I'm using two middlewares

ROUTE FILE

Route::group(['middleware'=>['web','auth']], function() {

    Route::group(['middleware'=>'administrador'], function() {
       Route::resource('usuarios', 'UsuariosController');
    });

    Route::resource('categorias', 'CategoriasController');
    Route::resource('tags', 'tagsController');
    Route::resource('articulos', 'articulosController');
});

Route::any('imagenes','ImagenesController@index');

Route::any('front','FrontController@index');
Route::any('buscaCat/{nombrecat}','FrontController@buscaCategoria');
Route::any('buscaTag/{nombre}','FrontController@buscaTag');

The first one is the typical auth, which prevents the pages from being shown if you are not logged in, and the administrador middleware is simply so that you do not have access to certain routes, but I've been trying for a while and I cannot get both to work at the same time.

Middleware auth (default)

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

    class Authenticate
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @param  string|null  $guard
         * @return mixed
         */
        public function handle($request, Closure $next, $guard = null)
        {
            if (Auth::guard($guard)->guest()) {
                if ($request->ajax() || $request->wantsJson()) {
                    return response('Unauthorized.', 401);
                } else {
                    return redirect()->guest('login');
                }
            }

            return $next($request);
        }
    }

MIDDLEWARE ADMINISTRATOR

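<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class administrador
{
    public function handle($request, Closure $next)
    {
        // Abort only when a user is logged in and is not an administrator;
        // guests (no logged-in user) fall through to the next middleware.
        if (!is_null(Auth::user()) and Auth::user()->tipo != 'administrador'):
            abort(401);
        else:
            return $next($request);
        endif;
    }
}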

CUSTOM 401 ERROR VIEW

   <body>
        <div class="container">
            <div class="content">
                <div class="title">PERMISO DENEGADO, NO PUEDES ENTRAR AQUI</div>
                <div >
                    <a href="{{url('front')}}" class="btn btn-primary">Volver</a>
                </div>
            </div>
        </div>
    </body>
</html>

KERNEL MIDDLEWARE

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array
     */
    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    ];

    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,

            //*****************CUSTOM***************************************
           \App\Http\Middleware\administrador::class,
        ],

        'api' => [
            'throttle:60,1',
        ],
    ];

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
          //*****************CUSTOM***************************************
         'administrador' => \App\Http\Middleware\administrador::class,

    ];
}

The administrator middleware has been tested in the routes file and in the users controller, and the result is the same.

The problem when applying the abort is that it applies to ALL, absolutely all routes, even those not defined in the middleware route groups. To give an example, when I log in as something other than administrator the error screen appears, but then I cannot go back with the browser's arrows, and if I try to change the route from the address bar, the message remains. I can only access the page by commenting out the route groups and commenting out the middleware in the kernel.

If I try to access a route such as front, which should be accessible without problems, the message remains. Then if I try to do a redirect instead of the abort, I think it conflicts with the first middleware and causes an infinite redirection.

What options do I have?

Thank you.

    
asked by KurodoAkabane 05.07.2016 at 18:50

1 answer

1

You are applying the middleware 'administrator' to the group (of middlewares) web:

    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,

        //*****************CUSTOM***************************************
       \App\Http\Middleware\administrador::class,
    ],

This group of middlewares is applied to ALL routes, unless you have modified it in the corresponding service provider.

In the current Laravel code, the RouteServiceProvider shows it:

/**
 * Define the routes for the application.
 *
 * @param  \Illuminate\Routing\Router  $router
 * @return void
 */
public function map(Router $router)
{
    $this->mapWebRoutes($router);
    //
}

/**
 * Define the "web" routes for the application.
 *
 * These routes all receive session state, CSRF protection, etc.
 *
 * @param  \Illuminate\Routing\Router  $router
 * @return void
 */
protected function mapWebRoutes(Router $router)
{
    $router->group([
        'namespace' => $this->namespace, 'middleware' => 'web',
    ], function ($router) {
        require app_path('Http/routes.php');
    });
}

What options do you have?

  • Modify the route service provider so that it does not include the 'web' middleware in all routes by default.
  • Leave the middleware administrator outside the 'web' group and apply it only to specific routes.

The best option depends on the design of your application.

    
answered by 05.07.2016 / 19:10
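
A plain-PHP model of the behaviour described in this answer, added here as an illustration (it is not code from the question, the answer or Laravel). The `dispatch()` helper, the `editor` user type and the response strings are assumptions made for the example, and the other members of the 'web' group are left out.

```php
<?php
// Constructed model of the question's setup in plain PHP (no Laravel needed).
// A middleware returns a response string to stop the request, or null to continue.
$middleware = [
    'auth' => function (?array $user) {
        return $user === null ? '302 -> login' : null;
    },
    // Same condition as the question's administrador class.
    'administrador' => function (?array $user) {
        return ($user !== null && $user['tipo'] !== 'administrador') ? '401' : null;
    },
];

// Middleware named in routes.php for three of the question's routes.
$routes = [
    'usuarios'   => ['web', 'auth', 'administrador'],
    'categorias' => ['web', 'auth'],
    'front'      => [],
];

// Hypothetical helper: $webGroup lists the members of the 'web' group.
function dispatch(string $route, ?array $user, array $webGroup, array $routes, array $middleware): string
{
    // mapWebRoutes() wraps routes.php in 'web', so every route starts with it.
    $stack = $webGroup;
    foreach ($routes[$route] as $name) {
        if ($name !== 'web') {
            $stack[] = $name;
        }
    }
    foreach ($stack as $name) {
        $response = $middleware[$name]($user);
        if ($response !== null) {
            return $response;
        }
    }
    return '200';
}

$editor = ['tipo' => 'editor']; // constructed non-administrator user
$setups = [
    "administrador inside 'web'" => ['administrador'],
    'administrador on its route only' => [],
];
foreach ($setups as $label => $webGroup) {
    echo $label, "\n";
    foreach (array_keys($routes) as $route) {
        printf("  %-10s %s\n", $route, dispatch($route, $editor, $webGroup, $routes, $middleware));
    }
}
```

With administrador inside 'web', the non-administrator gets 401 on every route, front included; with it only on the usuarios route, categorias and front return 200 and only usuarios returns 401.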