Middleware allows you to protect certain routes from being accessed. So, the best way to kind of show it to you or explain it to you is by coding or creating middleware by yourself.

First open code of your file has in routes folder and open web.php file in which already authentication is provided. So when you access the file in browser you will the login page first and in route you will the redirected page after authentication of login. So this all happens in case of middleware to protect the project as you can see below-:

But in url if you directly put “authentication.test/home” the you will see that you are allowed to access it only if you login with credentials and this will first check by middleware. If you not logged in and put direct url of home then middleware redirect to login page.

Now try to create the own middleware.

It is done easily in Laravel using Php artisan tool as-:

>php artisan make: middleware AdminMiddleware (name)

And the middleware will successfully create.

– Now imagine user is an admin of your application and only they can access a specific row. So to do such conditions.

  1. Go to middleware folder and open “admin middleware file”. In admin middleware file you will find atom as -:
  2. “Return $next ($request)” which says the return of next request.

  3. So for this you have to add a new column in database i.e. 1 or 0 whether the user is an admin or not.
  4. Let’s go to terminal and run command – “>php artisan make: migration add_admin_column_to_users_table” .

    Now you can check migrations in database folder. Open the new migration and make some alteration in code. Insert the table command in up and down function as-:

  5. Now run the migration in console as-:
  6. “php artisan migrate”

    And now jump to database and check the users table. You will found admin-0, let’s create new route and then you can protect this route as to whether this user is an admin or not.

  7. So open the routes- web.php and you were going to create just simple route closure as-:
  8. Go to browser and for now you can access it or any user because it has no middleware protecting it now as-:

  9. Now let’s go and change-:
  10. – Open admin middleware file and in that file just simple write and run if condition.

    So in file- in the function writes if condition as-:

    If (auth () ->guest()) as-:

– If user is a guest then redirect to home page instead of login page. Because you created the middleware but you don’t actually tie it to route, so to do that you can actually go back to the routes in “web.php file”. Now define that you want middleware of admin to be run before accessing this route as-:

	Route::get (‘admin’, function () {
	Echo ‘you are an admin!’;
	}) ->middleware (‘admin’);
	
	

So now you need to add middleware inside of kernel. Inside “kernel.php file” in middleware, just add under the auth or get out at the end as mark below-:

Now check the admin middleware by run in browser and you will see the login page of Laravel. Login with user credentials and check by open both home. If admin page also opens directly without login privacy after login for home page then you should make some more changes for admin.

– If you check the database the admin is same as equal to zero but admin page should only login if admin is equal to one that’s simply enough.

– Go back to admin middleware page and write a code to say if the authenticated user is a guest then you want to redirect them to the home page so you can write as-:

	If (auth) ->user ()->admin){
	Return redirect(‘/’);
	}
	Return $next ($request);
	

Complete code is as-:

Now go to browser and try to access the respective route such as- authentication.test/admin

– As you applied the privacy for admin but user is not an admin to give the user privilege, make the user as admin by write 1 in admin column as-:

Now go to browser and try to access the route and now the url will run.

– Now as you added the middleware in Web.php also as-:

As you add the middleware in route, you should also add middleware in constructor

so that it will be confirm that before any of these methods actually get accessed they will run the code inside of that middleware so middleware again is just simply a enough way to run the code before allowing access to any specific routes.

Copyright 1999- Ducat Creative, All rights reserved.