I am using Entrust middleware from here. Everything goes fine except when I want to expose a certain page to admin when logged in and to any user who is NOT logged in.

With the help from here, I added the following middleware, but when I hit the URL, it says too many redirections.

namespace App\Http\Middleware;

use App\Models\User;
use App\Models\Role;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Database\Eloquent\Collection;

class CheckPermission {

    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    /**
     * Create a new filter instance.
     *
     * @param  Guard  $auth
     * @return void
     */
    public function __construct( Guard $auth )
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle( $request, Closure $next )
    {
        if ( $this->auth->guest() )
        {
            $user = new User;
            $user->id = 0;
            $user->username = 'Guest';

            $role = Role::find(9);// EXPLANATION OF 9 IS GIVEN BELOW UNDER CODE

            $user->roles = new Collection;
            $user->roles->add( $role );
        }
        else
        {
            $user = $this->auth->user();
        }

        // Automatically check permission based on route name
        /* 
          if ( !$user->can( $request->route()->getName() ) )
         {
            // Handle denied permission, e.g. abort(401)
         }
        */

        return $next( $request );
    }

} 

Database change: in the roles table I added a row with id 9 and name guest. How can I add guest support in Entrust so that any user who is not logged in will be considered a guest and will be allowed to visit certain routes as well?

Istiaque Ahmed
  • What do you need the entrust middleware for in this scenario? It sounds like the route shouldn't have any auth related middleware on it. – Devon Bessemer Sep 01 '18 at 14:39
  • My site uses Entrust for access control layer. At a certain stage, I need to expose a page (i.e. registration of some kind) to any non-logged-in user. Otherwise if no ACL existed, the problem in question would not arise. – Istiaque Ahmed Sep 01 '18 at 14:41
  • Right, but why can't you just exclude this route from the middlewares? – Devon Bessemer Sep 01 '18 at 14:41
  • How to exclude that? From the middleware I showed or from kernel.php? – Istiaque Ahmed Sep 01 '18 at 14:42
  • I would imagine you used a route group or something to assign this middleware to the routes, didn't you? – Devon Bessemer Sep 01 '18 at 14:44
  • Also keep in mind, the admin should be able to access the page when he is logged in. So just excluding the page from the middleware would expose it to any user who is also logged in. – Istiaque Ahmed Sep 01 '18 at 14:44
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/179247/discussion-between-istiaque-ahmed-and-devon). – Istiaque Ahmed Sep 01 '18 at 14:45

1 Answer

I'd personally avoid any global middleware dealing with authorization so as not to block your application from having publicly accessible pages. Use route groups to assign middleware to protected routes.

While it may not fit into Entrust's design, you could also write a custom middleware to only allow guests and admins. Something like this:

namespace App\Http\Middleware;

use Closure;

class AdminOrGuestMiddleware {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        // A logged-in user who is not an admin is sent away;
        // guests (no user) and admins fall through to the route.
        if ($request->user() && !$request->user()->hasRole('admin')) {
            return redirect('/home');
        }

        return $next($request);
    }

}

Devon Bessemer
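
One way to wire the route-group approach from the answer above, as an added example that is not part of the original answer. The route paths and controller names are hypothetical, referencing the middleware by class name assumes a Laravel 5.x version that accepts that, and `role:admin` assumes Entrust's role middleware is registered under the alias `role`.

```php
<?php
// routes/web.php -- added example; paths and controller names are hypothetical.

use App\Http\Middleware\AdminOrGuestMiddleware;

// Public page: no authorization middleware attached at all.
Route::get('/', 'HomeController@index');

// Redirect target used by AdminOrGuestMiddleware for logged-in non-admins.
// It must stay OUTSIDE the admin-or-guest group below: if /home carried that
// middleware too, a logged-in non-admin would be redirected to /home again
// on every request and the browser would report too many redirects.
Route::get('/home', 'HomeController@dashboard')->middleware('auth');

// Reachable by guests and by logged-in admins only.
// Any other logged-in user is redirected by the middleware.
Route::group(['middleware' => AdminOrGuestMiddleware::class], function () {
    Route::get('/registration', 'RegistrationController@create');
    Route::post('/registration', 'RegistrationController@store');
});

// Protected area: login required, then the role check
// (assumes the alias 'role' points at Entrust's role middleware).
Route::group(['middleware' => ['auth', 'role:admin']], function () {
    Route::get('/admin/users', 'Admin\UserController@index');
});
```

Because nothing here is registered in the global middleware stack, a route that is not placed in a group stays public, so each new route should be added to the group whose rule it needs.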