I have about 10 type of users role in laravel application, where e.g.
user_type_1 and user_type 4 are accessing url-1.
user_type_7, user_type_5 and user_type 4 are accessing url-2.
user_type_5, user_type_1, user_type_3 and user_type 6 are accessing url-3.
............................................
............................................
n number of combination of routes. url according to user type.
My route/web.php file have about 1500 routes and currently not seperated as group using middleware. I have to restrict user for only urls that is authorized for that kind of user_type. Can you please suggest any better approach for doing this.
I had tried with making combination of url with middleware group like below, but after few work left this approach.
Route::group(['middleware' => ['middleware_user_type_1', 'middleware_user_type_2']], function () {
Route::get('url-1', 'XYZController@someMethod');
});
In this way request first goes to first middleware in array and if not valid user type then not try with second middleware.
You need to implement one middleware and pass user types to it.
Route::group(['middleware' => ['check_user_type:type_1,type_2']], function () {
Route::get('url-1', 'XYZController@someMethod');
});
Take a look how similar logic implemented in spatie/laravel-permission role middleware.
Route::group(['middleware' => ['role:super-admin|writer']], function () {
//
});
Middleware then explodes roles string by the separator, and then check if the current user has any of the roles.
You can define middleware and roles in route group. Firstly you are define roles management in middleware.
Route::group(['middleware' => ['roles'], 'roles' => ['role_1','role_2], function () {
Route::get('/index', [
'uses' => 'ExampleController@index',
'as'=> 'index'
]);
});
out of the box you can implement Policies:
https://laravel.com/docs/5.6/authorization#creating-policies
Regards.