0

I have a laravel application that allows both admins and customers to gain access to it and for each one of them will have specific permissions using 2 separated tables for each type of user to auth and 2 different guards. what I need now is to give customers access specific methods inside the controller and the admin have access to all methods.

class OrdersController extends Controller
{
    public function __construct()
    {
        $this->middleware(['auth:client'])->only(['index', 'create', 'store', 'edit', 'printOrder']);
        $this->middleware('auth:admin');
    }

but it works fine for the client and it's not working for the admin

4

2 回答 2

1

You have two options

  1. define the desired middleware on the corresponding routes
Route::get('/some-route', [
    'uses' => 'OrdersController@create',
    'as' => 'create-order',
])->middleware('auth:client');
  1. check inside the method, if the correct auth took place auth('auth:client')->check()
于 2020-03-05T14:27:45.383 回答
0

I suggest separating the controllers when the access is based on roles (not permissions), otherwise (if the access is based on permissions) then the middleware should also be based on permissions for example

$this->middleware('can:update order')->only(['update','edit']);
$this->middleware('can:store order')->only(['store','create']);

于 2020-03-05T14:27:14.147 回答