I am making a project and the table Users haver a column called "tipo de usuario" (type of user in spanish) so I need that one kind of user (client) can't acces to some views that the other user (staff) does, in laravel I am using this in my controllers:
public function __construct(){
$this->middleware('auth');
}
That is working so only logged users can acces, but then if a client try to acces to a view that should be only for my staff then he can do it because they both are logged users.
Assuming that you have different roles for the users.
You can create another middleware using the artisan command:
php artisan make:middleware <name>
Then, on the handle method, you can check the role of the user
Something like this:
public function handle($request, Closure $next)
{
if (auth()->user()->role !== 'staff') {
// Response if not staff
}
return $next($request);
}
Don't forget to register the middleware on the kernel (app/http/)