How to protect admin routes

Help for integrating the Laravel package
Forum rules
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
mr robot
Posts: 1
Joined: 05 Nov 2015, 19:39

How to protect admin routes

Post by mr robot » 05 Nov 2015, 20:24

I've added these lines to app/Http/routes.php:

Code: Select all

Route::group(['middleware' => 'auth'], function() {
        require base_path('vendor/aimeos/aimeos-laravel/src/routes.php');
});
But the admin board still opens up without authentication.

I'm on Laravel 5.1 and I've just followed the official instructions to install Aimeos : )

User avatar
aimeos
Administrator
Posts: 3097
Joined: 01 Jan 1970, 00:00

Re: How to protect admin routes

Post by aimeos » 05 Nov 2015, 21:07

mr robot wrote: But the admin board still opens up without authentication.
That's a very good question! ;-)

Laravel offers the authentication middleware (you can add it in ./config/shop.php -> "routes" config) but it has no way to make a difference for user and admin authentication. This means that an authenticated customer can also access the admin interface.

Since Laravel 5.1.11 there's a authorization service available (http://laravel.com/docs/5.1/authorization) that might do the job but I don't have any experience with that yet. If you know how it works, please let us know :-)
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, Image give us a star

Post Reply