Laravel Redirect If Authenticated middleware


I have three types of users for the application; each one has its own dashboard. I need a check so that an admin or any other user cannot see another user's dashboard.

There is a middleware, RedirectIfAuthenticated:

public function handle($request, Closure $next, $guard = null){

    if (Auth::guard($guard)->check() && auth()->user()->type == 'admin'){
        return redirect('/admin');
    }

    if (Auth::guard($guard)->check() && auth()->user()->type == 'author'){
        return redirect('/author');
    }

    if (Auth::guard($guard)->check() && auth()->user()->type == 'client'){
        return redirect('/client');
    }
}

It's under the guest middleware.

The above code seems good to me, but when I test it, the browser says Too many redirects.

What am I doing wrong? What will be the best way to handle it?

5

There are 5 answers

0
apokryfos On BEST ANSWER

You may have misunderstood the purpose of that middleware. The purpose of RedirectIfAuthenticated is to redirect a user to their default authenticated page. It is not meant to block unauthenticated/unauthorised users from accessing specific areas.

What you need to do is redirect if not authorised. Since this is a simple case you can just have a middleware:

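namespace App\Http\Middleware;

use Closure;

class RequireRole {
    // $role is the parameter given in the route definition, e.g. "requirerole:admin"
    public function handle($request, Closure $next, $role) {
        // Stop with 403 unless the user is logged in and their type matches $role
        abort_unless(auth()->check() && auth()->user()->type == $role, 403, "You don't have permissions to access this area");
        return $next($request);
    }
}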

Then register this middleware in your Kernel.php

protected $routeMiddleware = [
        //Other middleware
        "requirerole" => RequireRole::class
];

Then you can use it in your routes e.g.

Route::get('/admin', function () { /* action */ })->middleware("requirerole:admin");

However, if you find yourself in need of more complex rules, then take a look at Authorization.
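
To confirm that the requirerole middleware from the answer above actually keeps each user type out of the other dashboards, the access matrix can be checked with a feature test. This is an added example, not code from the thread; it assumes Laravel 8+ test scaffolding (Tests\TestCase, User::factory()), a string type column on users, and that /admin, /author and /client are each registered with only "requirerole:<type>" as shown for /admin.

```php
<?php
// Added example. Assumptions: Laravel 8+ (App\Models\User with a factory),
// routes /admin, /author, /client each using only ->middleware("requirerole:<type>").

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class DashboardAccessTest extends TestCase
{
    use RefreshDatabase;

    private const TYPES = ['admin', 'author', 'client'];

    public function test_each_user_type_reaches_only_its_own_dashboard(): void
    {
        foreach (self::TYPES as $type) {
            $user = User::factory()->create(['type' => $type]);

            foreach (self::TYPES as $area) {
                // Own dashboard: 200. Any other dashboard: 403 from abort_unless().
                $expected = $type === $area ? 200 : 403;

                $this->actingAs($user)
                    ->get('/' . $area)
                    ->assertStatus($expected);
            }
        }
    }

    public function test_guest_is_refused_on_every_dashboard(): void
    {
        foreach (self::TYPES as $area) {
            // auth()->check() is false, so RequireRole aborts before the route runs.
            $this->get('/' . $area)->assertStatus(403);
        }
    }

    public function test_unrecognised_type_gets_no_dashboard(): void
    {
        // Constructed value: a type that matches none of the three roles.
        $user = User::factory()->create(['type' => 'unknown']);

        foreach (self::TYPES as $area) {
            $this->actingAs($user)->get('/' . $area)->assertStatus(403);
        }
    }
}
```

If the dashboards also sit behind the stock auth middleware, guests are redirected to the login page instead, so the guest test would assert a redirect rather than a 403.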

0
Rupali Pemare On

Need to modify the code a bit

public function handle($request, Closure $next, $guard = null){

        if (Auth::guard($guard)->check() && auth()->user()->type == 'admin'){
            return redirect('/admin');
        }

        if (Auth::guard($guard)->check() && auth()->user()->type == 'author'){
            return redirect('/author');
        }

        if (Auth::guard($guard)->check() && auth()->user()->type == 'client'){
            return redirect('/client');
        }
        return $next($request);
}
0
Mark Walet On

You have to add an extra check for every if statement to see if you are not already on the route where it's going to redirect to.

Maybe something like:

&& !$request->is('admin')
1
aaron0207 On

Just split your checks and keep the original return:

public function handle($request, Closure $next, $guard = null){
    if (Auth::guard($guard)->check()){

        if(Auth::user()->type == 'admin'){
            return redirect('/admin');
        }
        if(Auth::user()->type == 'author'){
            return redirect('/author');
        }
        if(Auth::user()->type == 'client'){
            return redirect('/client');
        }
    }
    return $next($request);
}
0
Emmanuel David On

As pointed out in the accepted answer, the purpose of the middleware is to redirect a user if he is authenticated.

Now if you check App\Http\Kernel.php, you will see that the middleware is attached to the guest route middleware variable.

So any route you assign the guest middleware to will not be accessible to an authenticated user.

To solve your problem, create another middleware as pointed out in the accepted answer.

What you need to do is redirect if not authorised. Since this is a simple case you can just have a middleware:

class RequireRole {
    public function handle($request, Closure $next, $role) {
        abort_unless(auth()->check() && auth()->user()->type == $role, 403, "You don't have permissions to access this area");
        return $next($request);
    }
}

Then register this middleware in your Kernel.php

protected $routeMiddleware = [
    //Other middleware
    "requirerole" => RequireRole::class
];

Then you can use it in your routes e.g.

Route::get('/admin', function () { /* action */ })->middleware("requirerole:admin");

In reality, you may not need to modify default files that come with Laravel unless it is inevitable.