How to add multiple roles to a route group laravel

Question

I'm trying to add multiple roles to a route group in my web file in Laravel. I would like protect certain routes based on the users Role like the admin section.

Some Routes need multiple roles for access.

Example Roles:

SuperAdmin
Admin
Moderator
etc..

This works and I can go to the admin panel if loged in and have One Role only in the route group.

Route::middleware(['auth','role:SuperAdmin'])->group(function () {
Secret routes..
});

This does not work if I try and add more roles to to the route group like this: Route::middleware(['auth','role:SuperAdmin|Admin|Moderator'])->group(function () {

Note the 'role:SuperAdmin|Admin|Moderator'

This is the RoleMiddleware file:

    public function handle($request, Closure $next, $role, $permission = null)
    {
        if (!$request->user()->hasRole($role)) {
            abort(404);
        }

        if ($permission !== null && !$request->user()->can($permission)) {
            abort(404);
        }

        return $next($request);
    }

The User Class has a trait called use:HasPermissionTrait

class User extends Authenticatable
{
    use Notifiable, HasPermissionsTrait, Billable;

In that HasPermissionsTrait I have the following: I have permission setup fine, just focusing on the Roles in this file. I moved the Role logic to the top.

use App\{Role, Permission};

trait HasPermissionsTrait
{
    public function hasRole(...$roles)
    {
        foreach ($roles as $role) {
            if ($this->roles->contains('name', $role)) {
                return true;
            }
        }

        return false;
    }

    public function roles()
    {
        return $this->belongsToMany(Role::class, 'users_roles');
    }
    
    ... // Permission logic start here...
}

Worth Mentioning: The tables for roles are:

users
roles
users_roles (I know the correct naming convention should be roles_users, but not relevant here)

Just need to know how to get this working in the route group: 'role:SuperAdmin|Admin|Moderator'

Solution: RoleMiddleware file:

    public function handle($request, Closure $next, $role, $permission = null)
    {
        $role = strtolower( $request->user()->hasRole($role));
        $allowed_roles = array_slice(func_get_args(), 2);
        
        if (!$request->user()->hasRole(in_array($role, $allowed_roles))) {
            abort(404);
        }

        if ($permission !== null && !$request->user()->can($permission)) {
            abort(404);
        }

        return $next($request);
    }

Can do route group like this. Route::middleware(['auth','role:SuperAdmin|Admin'])->group(function () {

see routes filters : https://stackoverflow.com/a/20794357/10573560 — OMR, Jun 22 '20 at 04:22

score 2 · Accepted Answer · answered Jun 22 '20 at 04:52

2

This is what I did in my CheckRole Middleware

public function handle($request, Closure $next) {
    // I'm using the api guard
    $role = strtolower( request()->user()->type );
    $allowed_roles = array_slice(func_get_args(), 2);

    if( in_array($role, $allowed_roles) ) {
        return $next($request);
    }

    throw new AuthenticationException();
}

And in my router file

Route::group(["middleware" => "role:admin,worker"], function() {

});

This might not be the perfect solution, at least it works for me.

answered Jun 22 '20 at 04:52

Leyiang

530
4
7

Wow this actually worked after a little adjusting. Thank you! – daugaard47 Jun 22 '20 at 05:04
I added my solution to the bottom of my question. – daugaard47 Jun 22 '20 at 05:14

score 1 · Answer 2 · answered Jun 22 '20 at 04:21

    Route::middleware(['auth'])->group(function () {
      //Routes available to super admin
      Route::middleware(['role:SuperAdmin'])->group(function () {
        //write route hear 
      });
        
      //Routes available to SuperAdmin, Admin and Moderator
      Route::middleware(['role:SuperAdmin|Admin|Moderator'])->group(function () {
        //write route hear 
      })
  });

try this way to define route group of routing. I already use this syntax and it's work.
define auth in parent middleware group and roles defined in the child middleware groupe.

This is something I'm going for. Tried your solution, but still returns the 404 from the `abort(404);` — daugaard47, Jun 22 '20 at 04:33

linktoahref · Answer 3 · 2020-06-22T04:38:27.467

0

explode the roles in your middleware and check against the available roles

public function handle($request, Closure $next, $role, $permission = null)
{
    $roles = is_array($role)
        ? $role
        : explode('|', $role);

    if (!$request->user()->hasRole($roles)) {
        abort(404);
    }

    if ($permission !== null && !$request->user()->can($permission)) {
        abort(404);
    }

    return $next($request);
}

edited Jun 22 '20 at 04:38

answered Jun 22 '20 at 04:21

linktoahref

7,812
3
29
51

Get error `Call to undefined method App\User::hasAnyRole()` because I don't have that method. What would the `hasAnyRoute` contain. Does it go in the Trait ? – daugaard47 Jun 22 '20 at 04:29
@echo check with the hasRole method – linktoahref Jun 22 '20 at 04:38
Still getting the `abort(404)` Doning this in the route: `Route::middleware(['auth','role:SuperAdmin|Admin'])->group(function () {` – daugaard47 Jun 22 '20 at 04:42
@echo Can you do a `dd($role)` in your middleware and post the response – linktoahref Jun 22 '20 at 04:45
dd = `"SuperAdmin|Admin"` – daugaard47 Jun 22 '20 at 04:47
how is the roles defined in the user model, could you share that...since your table name for the relation is different – linktoahref Jun 22 '20 at 04:55
it's defined via the trait `HasPermissionsTrait` like this: `public function roles() { return $this->belongsToMany(Role::class, 'users_roles'); }` You can see it in my question. – daugaard47 Jun 22 '20 at 04:58
Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/216400/discussion-between-linktoahref-and-echo). – linktoahref Jun 22 '20 at 05:01
1

Actually just got it working. Posted my soultion in the question. Let me know your thoughts. Thank you for your help. – daugaard47 Jun 22 '20 at 05:08

How to add multiple roles to a route group laravel

3 Answers3