Skip to main content
HashnodeAhtesham's Blog

Command Palette

Search for a command to run...

Access authenticated user in Route files in Laravel

Published
2 min read
Access authenticated user in Route files in Laravel
A
Ahtesham Abdul Aziz

Hi folks,

I already taking 3 hours on this one only.
Try to make the routes for 2 type of users, eg: for role_id 1 & 3 so that no other user can access another user routes, I know its very much possible with Middleware, but sometimes we need simple & plain approach.

What I try:


    if (Auth::user()->role_id == 3) {
        Route::get('students', StudentList::class)->name('students');
        Route::get('batches', Batches::class)->name('batches');

        Route::get('queries', Batches::class)->name('queries');
        Route::get('queries/{conversation}', Batches::class)->name('query');

        Route::get('attendance', Batches::class)->name('attendance');

        Route::get('library', Library::class)->name('library');
        Route::get('library/add', AddLibrary::class)->name('library.add');
        Route::get('library/{library}/edit', EditLibrary::class)->name('library.edit');

        Route::get('assignments', Assignments::class)->name('assignments');
        Route::get('assignments/submissions', RecentAssignmentSubmissions::class)->name('assignments.submissions');
        Route::get('assignments/add', AddAssignment::class)->name('assignments.add');
        Route::get('assignments/{assignment}/edit', EditAssignment::class)->name('assignments.edit');

        Route::get('profile', Batches::class)->name('profile');
        Route::get('change-password', Batches::class)->name('change-password');
    }

But in route files Auth::user() & auth()→user() is always null, so I will use middleware for that:

Teacher middleware

class OnlyTeacher
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        // Get the authenticated user
        $user = $request->user();

        // Check if the user is authenticated and has one of the allowed roles
        if ($user->role_id == 3) {
            return $next($request);
        }

        // Redirect unauthorized users to a specific route (e.g., home)
        return redirect('/')->with('error', 'You do not have permission to access this page.');
    }
}

But when I thorough, You can also see that, there is request in middleware handle, which is also we can use in controllers & routes.

So I got the simple idea separate the routes based on user role will be below:


Route::group(function (Request $request) {
    if ($request->user()->role_id == 3) {
        // teacher routes here
    }
    if ($request->user()->role_id == 1) {
        // admin routes here
    }
});

As you can see the approach very clean & simple.
Yes there is many benefits to using middleware, but why loading extra middleware for simple & small tasks?

Let me know if anything not good enough.

Laravel version 12

#routefiles#laravelroutes#useraccess#laravel#authentication#authenticated#middleware#laravelrolesandpermissions#multi-user-access#web-development#php-framework#coding-tips
9 views

Comments

Join the discussion

No comments yet. Be the first to comment.