I'm working on Laravel and trying to make an ACL system. I have a Role middleware. From my controller I've sent roles to my RoleMiddleware in two ways.
The first one is sending a string.
$this->middleware('HasRole:User|Admin|Author');
This way I get a string when I use the dd() function.
The second way is:
$this->middleware('HasRole:User,Admin,Author');
This way I get an array when I use the dd() function, but this array only contains a single value.
The result looks like this:
array:1 [▼ 0 => "User" ]
The other two values, Admin & Author, don't appear in this array.
How can I make it work both ways, string & array?
Here is my middleware.
public function handle($request, Closure $next, $role = '')
{
    $roles = is_array($role) ? $role : explode('|', $role);
    dd($roles);
    if ($request->user() === null)
    {
        return response('Insufficient Access', 401);
    }
    if ($request->user()->hasAnyRole($roles) || !$roles)
    {
        return $next($request);
    }
    return response('Insufficient Permission', 401);
    //return $next($request);
}
I know this may not be exactly the answer to your question, but I recommend you use Laravel authorization instead of middleware. See this doc.
I prefer to use this code for your problem in the controller:
$this->authorize('update', $post);
or:
if ($user->can('create', Post::class)) {
    // Executes the "create" method on the relevant policy...
}
Then inside the policy file, you should specify the statement like:
if ($user->isSuperAdmin() || $user->id === $post->user_id) {
    return true;
}
If you want the middleware to automatically convert your string to an array, then the middleware $role params should be like this:
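public function handle($request, Closure $next, ...$roles)
{
    // Each comma-separated value after 'HasRole:' arrives as its own argument,
    // so the variadic $roles collects all of them into one array.
    dd($roles); // debug dump; dd() stops the request here, remove after checking
    if ($request->user() === null)
    {
        return response('Insufficient Access', 401);
    }
    if ($request->user()->hasAnyRole($roles) || !$roles)
    {
        return $next($request);
    }
    return response('Insufficient Permission', 401);
    //return $next($request);
}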
Then use it like this: $this->middleware('HasRole:User,Admin,Author');
OR
But if you want some other character to separate your roles, like |, then the code should be:
public function handle($request, Closure $next, $role = '')
{
    // A '|'-separated list contains no comma, so it arrives as one string.
    $roles = explode('|', $role);
    dd($roles); // debug dump; dd() stops the request here, remove after checking
    if ($request->user() === null)
    {
        return response('Insufficient Access', 401);
    }
    if ($request->user()->hasAnyRole($roles) || !$roles)
    {
        return $next($request);
    }
    return response('Insufficient Permission', 401);
    //return $next($request);
}
And use it like $this->middleware('HasRole:User|Admin|Author');
You can use both, just add some code in your middleware.
public function handle($request, Closure $next, ...$role)
{
    // The comma-separated values arrive as separate arguments in $role.
    // Split each of them on '|' as well, so that both
    // 'User|Admin|Author' and 'User,Admin,Author' give the same list.
    $roles = [];
    foreach ($role as $item) {
        $roles = array_merge($roles, explode('|', $item));
    }
    //dd($roles);
    if ($request->user() === null)
    {
        return response('Insufficient Access', 401);
    }
    if ($request->user()->hasAnyRole($roles) || !$roles)
    {
        return $next($request);
    }
    return response('Insufficient Permission', 401);
    //return $next($request);
}
Now you can use:
$this->middleware('HasRole:User|Admin|Author');
OR,
$this->middleware('HasRole:User,Admin,Author');
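The sketch below is an added example, not code from the question, the answers or Laravel itself. It shows why the comma form reaches handle() as separate arguments while the pipe form arrives as one string, and normalizes both into a single role list. The names splitMiddlewareString, normalizeRoles and decide are hypothetical, and denying an empty role list with 403 is an assumption that differs from the `|| !$roles` branch and the 401 used on the page.

```php
<?php
// Added example: framework-free sketch, not Laravel's source code.

// Simplified stand-in for how a 'Name:params' middleware string is split:
// the name ends at the first ':' and the parameters are separated on ','.
function splitMiddlewareString(string $definition): array
{
    [$name, $params] = array_pad(explode(':', $definition, 2), 2, '');
    return [$name, $params === '' ? [] : explode(',', $params)];
}

// Takes the arguments a handle(..., ...$roles) signature would receive and
// also splits each one on '|', so both delimiter styles give one flat list.
function normalizeRoles(string ...$args): array
{
    $roles = [];
    foreach ($args as $arg) {
        foreach (explode('|', $arg) as $role) {
            $role = trim($role);
            if ($role !== '') {
                $roles[] = $role;
            }
        }
    }
    return array_values(array_unique($roles));
}

// Hypothetical decision helper mirroring the middleware's checks.
// Assumption: an empty required-role list is denied (fail closed), and an
// authenticated user without a matching role gets 403 rather than 401.
function decide(?array $userRoles, array $required): int
{
    if ($userRoles === null) {
        return 401; // no authenticated user
    }
    if ($required === []) {
        return 403; // misconfigured route: no roles were passed
    }
    return array_intersect($userRoles, $required) ? 200 : 403;
}

// Constructed sample definitions covering both delimiters and the empty case.
$samples = ['HasRole:User|Admin|Author', 'HasRole:User,Admin,Author', 'HasRole:User, Admin|Author', 'HasRole'];
foreach ($samples as $def) {
    [, $params] = splitMiddlewareString($def);
    $required = normalizeRoles(...$params);
    printf("%-28s raw args: %d  roles: [%s]  author: %d  guest: %d\n", $def, count($params),
        implode(', ', $required), decide(['Author'], $required), decide(null, $required));
}
```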