I was building an API. I had already used auth:api middleware. I was sure that a user was logged in. However, I wanted to protect some of my routes further by only allowing an admin to access them. I was using level field in users table. A level 1 meant it was an admin. Hence, I created an Admin middleware to do what I had in mind. Here is how it can be done.
-
First of all, create a new middleware. It can be named anything you like
php artisan make:middleware Middlewarename -
Open
app\Http\Middleware\Middlewarename.php -
Then paste following code in
handle()function
// ->level can be any field you like
if (\Auth::user()->level === 1) {
return $next($request);
} else {
// redirect or throw error or anything you want;
}
-
Then open
app\Http\Kernel.phpand add new middleware in$routeMiddleware
'admin' => \App\Http\Middleware\Middlewarename::class, -
Then you can specify middleware in routes like below
Route::get('/route', [AnyController::class, 'route'])->middleware('Middlewarename');