# What's a practical way to handle different roles in a formrequest?


silk vortex
#

I thought I could just slap some code in my authorize function and check if the user has the correct role. The problem of course is that you then get a 403 error when you try to log in with the wrong account instead of some validation error. What would be a nice way to do this?

    public function authorize()
    {
        $user = User::where('email', '=', $this->input('email'))->first();

        return $user && $user->hasRole(Role::super_admin()->value);
    }

obtuse cave
#

What are you expecting to happen?

#

If you’re checking a user has a role, and they don’t have that role, then yeah, they should be forbidden from executing the given request.

#

I also make a separate middleware for role checking that I can stack on the auth middleware so you’re not querying the authenticated user again in a request.

#

middleware('auth', 'role:super_admin')

silk vortex
#

@obtuse cave
Hey, sorry I forgot to respond. And yes I realize that was expected to happen, just wasn't sure what the correct way to do it was. I ended up creating a separate middleware to check the user's role and got rid of the auth part in the formrequest altogether.

obtuse cave
#

Yeah, it’s better to have many, smaller middleware classes than trying to add many concerns to a single middleware class.
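
A sketch of the kind of role middleware the thread settles on, added here as an example and not code posted by either participant. The class name `EnsureUserHasRole`, the `role` alias registration, and the assumption that `hasRole()` accepts a role name string such as `super_admin` are all hypothetical.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical class. Register it under the alias "role" (how depends on the
// Laravel version) so that middleware('auth', 'role:super_admin') resolves here.
class EnsureUserHasRole
{
    /**
     * Stacked after "auth", so $request->user() is the already authenticated
     * user: no second lookup by e-mail, and nothing about an account's role
     * is revealed to a caller who has not logged in yet.
     *
     * Roles arrive as comma-separated middleware parameters, e.g.
     * "role:super_admin,editor" becomes ['super_admin', 'editor'].
     */
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        $user = $request->user();

        // Defensive: if "auth" was not stacked first there is no user at all.
        if ($user === null) {
            abort(401);
        }

        // Assumption: hasRole() is the method from the thread's FormRequest
        // and takes the role's string value.
        foreach ($roles as $role) {
            if ($user->hasRole($role)) {
                return $next($request);
            }
        }

        // Fails closed: no matching role (or no roles listed) means 403.
        abort(403);
    }
}
```

With this in place the FormRequest's `authorize()` can simply return `true` and keep only validation rules, so a wrong password surfaces as a validation error while a wrong role on an authenticated user surfaces as a 403.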