Скачать или смотреть How to Display Access Denied in Laravel for Non-Super Admin Users

Learn how to restrict access in Laravel by displaying an `Access Denied` message for users who are not Super Admins and redirect them accordingly.
---
This video is based on the question https://stackoverflow.com/q/62351829/ asked by the user 'mikefolu' ( https://stackoverflow.com/u/12510040/ ) and on the answer https://stackoverflow.com/a/62351967/ provided by the user 'WebDev' ( https://stackoverflow.com/u/10806294/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions.

Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: Laravel - How to display Access Denied if not Super Admin

Also, Content (except music) licensed under CC BY-SA https://meta.stackexchange.com/help/l...
The original Question post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license.

If anything seems off to you, please feel free to write me at vlogize [AT] gmail [DOT] com.
---
Introduction

In web applications, managing user access and permissions is a critical aspect of ensuring security and proper functionality. In a Laravel application, you might face scenarios where only specific users, such as Super Admins, should have access to certain routes or functionality. In this guide, we will walk you through a common problem: how to display an "Access Denied" message for users who are not Super Admins when they attempt to access restricted areas of the application.

The Problem

You have an AdminLoginController that handles the login form for administrators. The key challenge here is to ensure that if a logged-in user is not a Super Admin, they should see an Access Denied message instead of accessing the admin dashboard. If a user is indeed a Super Admin, they should be redirected to the dashboard.

Here’s the existing code structure:

AdminLoginController

[[See Video to Reveal this Text or Code Snippet]]

Route Declaration

[[See Video to Reveal this Text or Code Snippet]]

The primary question is: How can we implement this access restriction in Laravel? Let’s dive into the solution.

The Solution

To achieve the desired restriction, you will need to follow a few key steps outlined below:

Step 1: Configure Roles

First, ensure that you have defined the roles correctly in your application. You might be using a package like spatie/laravel-permission to handle roles. To set up a new role, navigate to your config/auth.php file and add the role if not already defined.

[[See Video to Reveal this Text or Code Snippet]]

Step 2: Update the Controller

Next, modify your AdminLoginController to check if the user is a Super Admin. You will need to implement some logic in the controller's method that handles the admin section.

[[See Video to Reveal this Text or Code Snippet]]

In this setup:

The controller checks if a user is authenticated (Auth::check()).

If the user has the role of Super Admin, they are redirected to the dashboard.

If they do not have this role, they will see the Access Denied page with an appropriate HTTP status code (403).

Step 3: Middleware for Dashboard Access

For your dashboard, you should also restrict access. To do this, add a constructor to your Dashboard controller with middleware for the Super Admin role:

[[See Video to Reveal this Text or Code Snippet]]

This middleware will ensure that only Super Admins can access the methods within the Dashboard controller.

Conclusion

By following the steps outlined above, you can effectively manage user permissions in your Laravel application. Restricting access based on roles not only secures sensitive areas of your application but also enhances the user experience by ensuring that users receive clear feedback on their permissions, such as an Access Denied page.

With this implementation, you have set up a reliable way to control access for your admin dashboard, ensuring that only authorized Super Admins can access important features.

If you have any questions, feel free to share in the comments below!