Page 1 of 1

How to protect admin routes

Posted: 05 Nov 2015, 20:24
by mr robot
I've added these lines to app/Http/routes.php:

Code: Select all

Route::group(['middleware' => 'auth'], function() {
        require base_path('vendor/aimeos/aimeos-laravel/src/routes.php');
});
But the admin board still opens up without authentication.

I'm on Laravel 5.1 and I've just followed the official instructions to install Aimeos : )

Re: How to protect admin routes

Posted: 05 Nov 2015, 21:07
by aimeos
mr robot wrote: But the admin board still opens up without authentication.
That's a very good question! ;-)

Laravel offers the authentication middleware (you can add it in ./config/shop.php -> "routes" config) but it has no way to make a difference for user and admin authentication. This means that an authenticated customer can also access the admin interface.

Since Laravel 5.1.11 there's a authorization service available (http://laravel.com/docs/5.1/authorization) that might do the job but I don't have any experience with that yet. If you know how it works, please let us know :-)