Create Middleware to Verify Admin

PHOTO EMBED

Fri Oct 29 2021 04:36:51 GMT+0000 (Coordinated Universal Time)

Saved by @slendabilt #php #laravel

// in terminal, php artisan to create middleware
php artisan make:middleware VerifyIsAdmin

// in VerifyIsAdmin middleware file
public function handle(Request $request, Closure $next)
{
  if (!auth()->user()->isAdmin()) {
    return redirect()->back();
  }
  return $next($request);
}

// must register in kernel.php
protected $routeMiddleware = [
  'auth' => \App\Http\Middleware\Authenticate::class,
  'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
  'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
  'can' => \Illuminate\Auth\Middleware\Authorize::class,
  'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
  'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
  'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
  'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
  'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
  'verifyCategoryCount' => VerifyCategoriesCount::class,
  'admin' => VerifyIsAdmin::class,
];

// use in Route to ensure user is authenticated and admin
Route::middleware(['auth', 'admin'])->group(function () {
    Route::get('users', [UsersController::class, 'index'])->name('users.index');
});
content_copyCOPY

If user is not an admin, they will not be able to visit specific page

https://laravel.com/docs/8.x/middleware