vendredi 27 avril 2018

Laravel 5.1 use session to restrict direct access using urls users based on user role

I have 2 laravel projects, 1 for the front end where i m using html css angularjs. The second for api controllers. I call using http post and get the api controllers functions using angularjs to get content data.

In the front end i have a menu this menu appears differently based on user role, if admin or no.

This is done. My problem is the access for views using the url in the browser.

So I have a query where I get for each user what modules in the menu can he see. Now I'm putting the result in Laravel session.

$menu = DB::select menu by user id ... //Getting menu query based on user if admin or no

session(["menu" => $menu);
return session('menu');

I'm getting the results and the menu is showing good in the website based on the logged user if he s admin or no.

Now, to solve the direct url access issue, I want to use this session and compare the url to this session, if the url exists in the session i will let him access, if no i will redirect him to somewhere. any idea?



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire