
I had implemented entrust for roles and permissions. I have 3 Roles, super-admin, admin and customer.

Super Admin has access to Web-app (eg. www.myurl.com)

Admin has access through api only i.e. mobile app (eg. www.myurl.com/api/login) via api.php route

customer had access through api i.e. mobile app

Now, I found a bug that when admin tries to login via www.myurl.com.login with his credentials he is allowed to log in!!!

On further investigation, I found that I need to change the login method and add a role check during login, but I'm unable to get it working. I changed the login function as below, but admin and customers are still able to log in!!

```php
public function login(Request $request)
{
    $this->validateLogin($request);

    if ($this->hasTooManyLoginAttempts($request)) {
        $this->fireLockoutEvent($request);

        return $this->sendLockoutResponse($request);
    }

    // I updated the following code of default login function.
    $checkAdmin = $this->attemptLogin($request);
    $isAdmin = Auth::user();

    if ($checkAdmin && $isAdmin->hasRole('super')) {
        // With super-admin if I do dd('hi') here, I am getting control
        return $this->sendLoginResponse($request);
    }
    // But for other roles, it is directly taking them to the super-admin (home) page!!

    // ... Rest of the login function...
```

I tried adding dd(1) to trace the flow: for the super-user I got the dd response, while for other users it was not going into that block and was redirecting non-super-admin roles to the home page!!

I am using Laravel 5.4 and entrust package for Roles.

Tarunn
  • You need to set `if` or `elseif` conditions to redirect to a specific page based on their `roles`! – Hiren Gohel Jun 09 '17 at 04:57
  • I don't want to **redirect**; super admin is just for admin, no other user is allowed – Tarunn Jun 09 '17 at 05:12
  • You said in your question: 'it was not going in that block and redirecting non-super-admin roles to home page'. So I gave this comment for redirecting! – Hiren Gohel Jun 09 '17 at 05:49
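
An added example, not part of the original question or its comments: in the posted code `attemptLogin()` has already established the session by the time `hasRole()` is checked, so an account that fails the check is still authenticated on the next request. One way to close that gap is to override `attemptLogin()` so the role is checked before any session exists. It assumes the stock Laravel 5.4 `LoginController` with the `AuthenticatesUsers` trait, and takes the role name `super` from the posted code.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    protected $redirectTo = '/home';

    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Replaces the trait's attemptLogin(); the stock login() is left untouched.
     * Returns true only when the password is valid AND the account holds the
     * web-panel role, so no session is created for admin or customer accounts.
     */
    protected function attemptLogin(Request $request)
    {
        $credentials = $this->credentials($request);
        $provider = $this->guard()->getProvider();

        // Look the account up and verify the password without logging in.
        $user = $provider->retrieveByCredentials($credentials);
        if (! $user || ! $provider->validateCredentials($user, $credentials)) {
            return false;
        }

        // Role name 'super' is taken from the question's code (assumption).
        if (! $user->hasRole('super')) {
            return false; // same failure path as a wrong password
        }

        // Only now establish the authenticated session.
        $this->guard()->login($user, $request->has('remember'));

        return true;
    }
}
```

Because the stock `login()` is unchanged, a rejected role goes through `incrementLoginAttempts()` and `sendFailedLoginResponse()` like any bad password. A login-time check only guards the form; the web routes still need their own role check on each request.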

0 Answers