I am slightly confused by something. For Authentication, I am using LDAP, more specifically this http://ift.tt/20j2J9p
That LDAP library I am using essentially works on top of Laravels Authentication Facade.
Everything is fine, I can log in and out now using LDAP. When logged in however, I have an update users buttons. This essentially uses LDAP to get all the groups a user is apart off. So I have three tables,
users
groups
users_groups
When the button is pushed, I add all users to the users table. I then add all unique groups to the groups table. The last table users_groups is essentially a pivot table which links a users_id to a groups_id.
By the end of this, I can see that I am for instance apart of 3 groups, one of which is the admin group. I can also see all members of this group by doing this
$group = Group::where('groupName', 'admin')->first();
$users = $group->user;
Now there are some routes I only want to make available to admin users. I can see in Kernel.php there is the following
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
];
At the moment I am only using auth to make sure the user is logged in. Obviously I do not have an admin one set up yet, and I think the way I am doing it there could be a problem because I am creating my own groups table.
How would I go about blocking access to a particular route to only users who are apart of the admin group?
Thanks
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire