Laravel
Viktor Grachev, 2014-09-05 13:10:52

Laravel 4: How to secure admin and user routes?

Good afternoon! Could you please tell me how to properly separate the routes of users and administrators? So that after signing in, a user lands on their own home page and can only go through the routes meant for them, while an admin lands on the admin page and sees only the admin routes.
Here is my routes.php file:

Route::get('/', array(
  'as' => 'home',
  'uses' => '[email protected]'
));

Route::group(array('before' => 'auth'), function(){

  // protection against cross-site request forgery
  Route::group(array('before' => 'csrf'), function(){

    // change password (POST)
    Route::post('/account/change-password', array(
      'as' => 'account-change-password-post',
      'uses' => '[email protected]'
    ));
  });

  // change password (GET)
  Route::get('/account/change-password', array(
    'as' => 'account-change-password',
    'uses' => '[email protected]'
  ));

  // view a user's profile
  Route::get('/user/{username}', array(
    'as' => 'profile-user',
    'uses' => '[email protected]'
  ));

  // user sign-out (GET)
  Route::get('/account/sign-out', array(
    'as' => 'account-sign-out',
    'uses' => '[email protected]'
  ));

});

// admin group
Route::group(array('before' => 'admin'), function(){

  // admin's main page
  Route::get('/dashboard', array(
    'as' => 'dashboard',
    'uses' => '[email protected]'
  ));

  // list new tickets
  Route::get('/tiket-new', array(
    'as' => 'tiket-new',
    'uses' => '[email protected]'
  ));

  // list tickets in progress
  Route::get('/tiket-work', array(
    'as' => 'tiket-work',
    'uses' => '[email protected]'
  ));

  // list completed tickets
  Route::get('/tiket-complete', array(
    'as' => 'tiket-complete',
    'uses' => '[email protected]'
  ));

  // list archived tickets
  Route::get('/tiket-arhive', array(
    'as' => 'tiket-arhive',
    'uses' => '[email protected]'
  ));
});

// user group
Route::group(array('before' => 'user'), function(){

  // user's main page
  Route::get('/user-dashboard', array(
    'as' => 'user-dashboard',
    'uses' => '[email protected]'
  ));
});

Unfortunately, with these routes admins and users can see each other's pages. Could you please explain in as much detail as possible how to separate the different user groups?


2 answer(s)
Stanislav Kim, 2014-09-05
@cyberS7

array('before' => 'auth')
laravel.com/docs/security
In the admin controller:

<?php

class DashboardController extends BaseController {

  public function __construct() {
    // require an authenticated user for every action of this controller
    $this->beforeFilter('auth');
  }
       .....
       .....
       .....
}

Viktor Grachev, 2014-09-05
@azuron

I did it as you showed, and now I don't have a user on the site at all.
Here is my user sign-in code:

  // sign in to the site
  public function postSignIn(){
    // take all fields from the form and validate them
    $validator = Validator::make(Input::all(),
      array(
        'email'    => 'required|email',
        'password' => 'required'
    ));

    if($validator->fails()){
      // on validation errors, redirect back to the sign-in form and show them
      return Redirect::route('account-sign-in')
          ->withErrors($validator)
          ->withInput();
    } else {
      // check the state of the "remember me" checkbox
      $remember = (Input::has('remember')) ? true : false;

      // take the credentials from the sign-in form and try to log in;
      // 'active' => 1 means only activated accounts may sign in
      $auth = Auth::attempt(array(
        'email' => Input::get('email'),
        'password' => Input::get('password'),
        'active' => 1
      ), $remember);

      if($auth){
        if (Auth::user()->role==5) {
          // admin: redirect to the admin dashboard after login
          return Redirect::intended('/dashboard');
        }
        if (Auth::user()->role==1) {
          // regular user: redirect to the user dashboard after login
          return Redirect::intended('/user-dashboard');
        }
        // any other role: fall back to the home page instead of returning nothing
        return Redirect::route('home');
      } else {
        return Redirect::route('account-sign-in')
          ->with('global', 'Email или пароль не верны или аккаунт не активирован.');
      }
    }
  }
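The missing piece in the thread is what the 'admin' and 'user' filters named in routes.php actually do. The redirect after login only chooses a landing page; it is the filter attached to each route group that has to reject a user opening /dashboard or an admin opening /user-dashboard on every request. The following is an added example, not code from the original question or from either answer: it assumes Laravel 4's app/filters.php, a users.role column holding the values 5 (admin) and 1 (user) that the sign-in code above checks, and the route named 'account-sign-in' that routes.php already defines. The helper name requireRole and the two constants are assumptions introduced here.

```php
<?php
// app/filters.php (Laravel 4) -- added example, not the asker's own code.
// Assumes: users.role is an integer column where 5 = admin and 1 = user
// (the values checked in postSignIn() above), and that a route named
// 'account-sign-in' exists in routes.php.

// Assumed role values, taken from the asker's sign-in code.
define('ROLE_USER', 1);
define('ROLE_ADMIN', 5);

// Shared helper (assumed name). Guests are sent to the sign-in form and the
// requested URL is remembered, so Redirect::intended() can bring them back.
function requireRole($role)
{
    if (Auth::guest()) {
        return Redirect::guest(route('account-sign-in'));
    }
    // Cast before comparing: a value read from the database may arrive as a string.
    if ((int) Auth::user()->role !== $role) {
        // Logged in but in the wrong group: refuse with 403 rather than
        // silently redirecting, so the denial is visible in logs and to the user.
        App::abort(403, 'Forbidden');
    }
    // Returning nothing lets the request continue to the route.
}

// The 'admin' filter referenced by Route::group(array('before' => 'admin'), ...)
Route::filter('admin', function()
{
    return requireRole(ROLE_ADMIN);
});

// The 'user' filter referenced by Route::group(array('before' => 'user'), ...)
Route::filter('user', function()
{
    return requireRole(ROLE_USER);
});
```

With these filters defined, the two groups in routes.php stay exactly as posted; both filters handle guests themselves, so they also work when chained with the built-in 'auth' filter as 'auth|admin'. The same rule can be enforced from the controller side, in the way Stanislav's answer shows, by calling beforeFilter('admin') instead of beforeFilter('auth') in the constructor of DashboardController; doing both is harmless, and a route that is only hidden from a menu but not filtered remains reachable by anyone who knows the URL.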
