DEV Community

Multiple role-based authentication in Laravel

Solomon Eseme on January 26, 2019

Hey guys, in this article, am going to show you how toimplement multiple role-based authentication in Laravel even if you have many different users...

Read full post

Martin Betz • Dec 20 '19 • Edited

And here's another refactor to make it even conciser and easier to read and change. It is using a lookup array to isolate changes (just add a new item to the array for a new role) and have one execution path (one redirect line instead of 5).

public function handle($request, Closure $next)
    {
        if (!Auth::check()) {
            return redirect()->route('login');
        }

        if (Auth::user()->role == 3) {
            return $next($request);
        }

        $destinations = [
            1 => 'superadmin',
            2 => 'admin',
            4 => 'team',
            5 => 'academy',
            6 => 'scout',
        ];

        return redirect(route($destinations[Auth()::user()->role]));
    }

Solomon Eseme • Dec 24 '19

I'm Having errors after implementing this.
I logged in as academy then try to visit the admin dashboard by typing the route to it in the browser and i got this -> "Call to undefined method Illuminate\Auth\AuthManager::user()"

⚓Timmy Iwoni ⚓ • May 28 '20

In Martin's implementation there's a typo of the parenthesis when calling the Auth facade... So instead of Auth()::user()->role, it should be Auth::user()->role

Solomon Eseme • May 28 '20

Oh that's true.. I will fix that..

Martin Betz • Dec 24 '19

I'll replicate it soon, probably I just have a typo somewhere.

Solomon Eseme • Dec 24 '19

Sure. I will be expecting.

𝙹𝚒𝚋𝚛āʾī𝚕 ⚡ • Oct 14 '20

a comment that make me awkwardly happy

Solomon Eseme • Dec 21 '19

Wow.. it's getting more clean and clear.. Thanks for the update.

Martin Betz • Dec 16 '19 • Edited

May I propose a refactor for the handle method? You could save some duplications by flipping the logic. If you first ask for if the user is not logged in, redirect to login you catch this case once and can skip it for everything that follows. Also, instead of else…else, you can simply use if…if. If a case proves true, you return something and the function stops, so you do not need an else. This reduces cognitive load.

public function handle($request, Closure $next)
{
    if (! Auth::check()) {
        return redirect()->route('login');
    }

    if (Auth::user()->role == 1) {
        return redirect()->route('superadmin');
    }

    if (Auth::user()->role == 5) {
        return redirect()->route('academy');
    }

    if (Auth::user()->role == 6) {
        return redirect()->route('scout');
    }

    if (Auth::user()->role == 4) {
        return redirect()->route('team');
    }

    if (Auth::user()->role == 3) {
        return $next($request); 
    }

    if (Auth::user()->role == 2) {
        return redirect()->route('admin');
    }
}

Amir Hameed • Apr 20 '20

What about switch statement?

Martin Betz • Apr 21 '20

Yes, switch would cut some duplicate lines. I would still propose the lookup array pattern as recommended in this extra comment as it is a lot easier to add and cut arguments and is super easy to read.

Amir Hameed • Apr 21 '20

These if statements could also be one-liners to save some more characters and space.

Martin Betz • Apr 21 '20

Yes, but there still would be lots of repetitions even in short-form. Maybe I can write an own article soon about possible refactorings so that people can learn and compare. The original poster went with the simple if solution but there are multiple ways to make it shorter and easier to maintain.

Amir Hameed • Apr 21 '20

Indeed.
Tell me where can I start a new discussion?

Martin Betz • Apr 21 '20

Just put a comment on the root of this article: dev.to/kaperskyguru/multiple-role-...

Solomon Eseme • Dec 17 '19

This is great, thanks for your contribution, I will refactor immediately.

Solomon Eseme • Dec 17 '19

Updated now..

omaresmael • Oct 30 '20 • Edited

It was a beautiful tutorial, there is a routing refactor must be done tho, in order to function properly in laravel 8

Route::get('/player', [PlayerController::class,'index'])->name('player')->middleware('player');

instead of

Route::get('/player', 'PlayerController@index')->name('player')->middleware('player');

there are other ways to solve this problem but that just my favorite one

VNC Digital Services Pvt Ltd • Jan 24 '20

This work for page level and route level access control. Is there any guide for page element access control? Such as hide delete button for non-admin, disabled edit capability for certain form field access control?

Solomon Eseme • Feb 2 '20 • Edited

You can use action based control, like Spartia library for such.
github.com/spatie/laravel-permission

Ravi K. Ameriya • Jan 21 '21 • Edited

created role middleware but getting an error

error: Attempt to read property "role" on null

middleware function below as :
public function handle(Request $request, Closure $next)
{
if (!Auth::check()) {

        return redirect()->route('login');
    }

    if (Auth::check() && Auth::user()->role == 1) {

        return $next($request);
        //return redirect()->route('dashboardShow');
    }

    if (Auth::check() && Auth::user()->role == 2) {


        return $next($request);
        //dd('user');
    }

    abort(404);  // for other user throw 404 error

}

VP • Jun 12 '20 • Edited

i used your code and i am getting this error

127.0.0.1 redirected you too many times.

Boy Panjaitan • Feb 26 '20

How if the user have multiple account with different roles,but with the same credentials ? I assumed this nice guide not covered it yet :)

Salomon Dion • Jun 23 '20 • Edited

In that case, create a separate table for roles and permissions (spatie/laravel-permission can help). Then, create the permissions and roles and assign permissions to roles. I would recommend as best practice to rely mainly on permissions in your applications as differents roles may have common permissions. Now, when a user is created assign him a role, and rely on this first role for redirect ($user->roles()->id). You can have a menu where he can switch to another dashboard based on his roles. Hope it helps.

Solomon Eseme • Feb 27 '20

Yes the article didn't cover that. But I will suggest you use OTP to implement such scenerios.

Estern Winluck • Apr 10 '20

Great!
I wish to know how to handle when a user has multiple roles ie. superadmin and admin

ryan • Aug 4 '20

Nice, this was a great tutorial!