DEV Community

Muslim Zabirov
Muslim Zabirov

Posted on

Easy way to build admin login into a Laravel 5

Authorization can be tricky. There are thousands of posts about how to perform authentication, but actually verifying who someone is and managing user permissions can be a whole can of worms. Fortunately, Laravel has systems in place that make a tiered login system very easy to implement.

To add authentication to a Laravel 5 app, all you need is one command:

php artisan make:auth
Enter fullscreen mode Exit fullscreen mode

Easy solution for making a Laravel admin page using custom middleware
I am using Laravel 5.5 right now, the latest release. The only specific Laravel 5.5 thing going on is the @guest helper in the frontend Blade directives. In the HTML section of the application, these helpers allow us to easily check if the user is logged in or not:

@auth
    // The user is authenticated...
@endauth

@guest
    // The user is not authenticated...
@endguest
Enter fullscreen mode Exit fullscreen mode

If you’re not using Laravel 5.5 there are other workarounds but you might as well upgrade to the latest version for the new features!

✌ How we achieve this is to add a type column on the users table and check if a user has that type via custom middleware. It sounds fancy but it’s pretty easy!

1) Add the types you want to the User model and a method to check if a user is an admin.

/* app/User.php */
const ADMIN_TYPE = 'admin';
const DEFAULT_TYPE = 'default';
public function isAdmin()    {        
    return $this->type === self::ADMIN_TYPE;    
}
Enter fullscreen mode Exit fullscreen mode

2) Add the type column to the migration that created your users table

/* database/migrations/2014_10_12_000000_create_users_table.php */
$table->string('type')->default('default');
</code></pre>

#### 3) Add a type value to the create method in register controller

<pre><code class="language-php">
/* app/Http/Controllers/Auth/RegisterController.php */
protected function create(array $data)    {        
    return User::create([            
        'name' => $data['name'],
        'email' => $data['email'],            
        'password' => bcrypt($data['password']),            
        'type' => User::DEFAULT_TYPE,        
    ]);    
}
Enter fullscreen mode Exit fullscreen mode

4) Create a custom middleware file to check if a user is an admin. Generate this file using:

php artisan make:middleware IsAdmin
Enter fullscreen mode Exit fullscreen mode
namespace App\Http\Middleware;
use Closure;
class IsAdmin
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(auth()->user()->isAdmin()) {
            return $next($request);
        }
        return redirect('home');
    }
}
Enter fullscreen mode Exit fullscreen mode

5) Register the middleware you just created

/* app/Http/Kernel.php */
'is_admin' => \App\Http\Middleware\IsAdmin::class,
Enter fullscreen mode Exit fullscreen mode

6) Add some routes that invoke the middleware

/* routes/web.php */
Route::view('/', 'welcome');
Auth::routes();
Route::get('/home', 'HomeController@index')    
    ->name('home');
Route::get('/admin', 'AdminController@admin')    
    ->middleware('is_admin')    
    ->name('admin');
Enter fullscreen mode Exit fullscreen mode

7) Create an admin controller with

php artisan make:controller AdminController
Enter fullscreen mode Exit fullscreen mode

8) This controller returns the dashboard for whatever view you want your admin to see.

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
class AdminController extends Controller
{
    public function __construct()
    {
        $this->middleware('auth');
    }
    public function admin()
    {
        return view('admin');
    }
}
Enter fullscreen mode Exit fullscreen mode

🎉 That’s pretty much it!
Now if you visit /admin and you’re not logged in or logged in as an administrator you won’t be able to access the page. In order to create an admin user you can use the tinker artisan command:

$ php artisan tinker
>>> use App\User;
>>>User::where('email', 'connorleech@gmail.com')->update(['type' => 'admin']);
Enter fullscreen mode Exit fullscreen mode

Discussion (0)