# Middleware not working!


willow lark

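Hello to everyone, I wanted to add the "Unauthorized Access" Middleware for the Users that don't have the right permission to visit some web pages.
This is my middleware:
```
namespace App\Http\Middleware;

use App\Exceptions\NotStaffException; // assumed namespace of the exception below
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;

class CheckIfStaff
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        // Let the request through only for a logged-in user flagged as staff.
        if (Auth::user() && Auth::user()->is_staff === 1) {
            return $next($request);
        }

        // Everyone else gets the 403 view rendered by the exception.
        throw new NotStaffException();
    }
}
```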

This is my Exception:
```
namespace App\Exceptions; // assumed namespace

use Exception;

class NotStaffException extends Exception
{
    /**
     * Render the exception into an HTTP response.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function render($request)
    {
        return response()->view('errors.not_staff', [], 403);
    }
}
```


And in /bootstrap/app.php:
```
->withMiddleware(function (Middleware $middleware) {
    $middleware->append(CalculateTopUsersActivity::class);
    $middleware->alias([
        'is_staff' => App\Http\Middleware\CheckIfStaff::class
    ]);
})
```

In web.php:
`Route::get('/create-staff', [FrontController::class, 'createStaff'])->name('staff')->middleware('is_staff');`

It doesn't work though. If I use "`$middleware->append(CheckIfStaff::class);`" and the web.php in the same way I said, it would make the Middleware be global, so for every page I go to, I would see error 403, from "IsNotStaff exception". How can I solve this?

honest pike

Not sure what you're asking here, but `$middleware->append()` would append that middleware to the stack. It doesn't just register it, it would apply the middleware too. If you only want it on certain routes, you'd remove it from there and just apply it to the routes themselves, possibly with a group.

willow lark
honest pike

Then I guess try dumping values in the middleware, debug why it's not working

willow lark

What do you mean by "dumping values"?


var_dump of the is_staff value?

honest pike

Like dd() or dump(). You'd have to do some debugging, find out what's happening. That's just difficult to tell from a code snippet.

willow lark

I'm trying to use `Log::info` inside the Middleware handle, but it seems the middleware doesn't even exist. I'll try to register it and see what happens, because it works only if I append it.

willow lark

I just found out that when I do this in my middleware:
`$user = Auth::check();`
it returns false


But it's weird, it shouldn't since I'm logged in, any suggestions?

honest pike

I mean, then you're probably not signed in? 😅 How are you calling this route?

willow lark

Okay I'll explain to you better:
I'm using Fortify, everything is already set up and running with Database and relationships included. This project has been going on for months and has never given me any problems also because the syntax of exists in many controllers
"Auth::user()" and in the same Blade views I have many IF statements with conditions like:
if(Auth::user()) ...

Since I created a section only visible to those who have access, I should now implement this access ban for unauthorized people. I therefore wanted to set up a middleware that would go into the user database table, check if my user has "is_staff = 1" as parameter and if so, then the request can be continued:
return next($request)
Otherwise
throw new IsNotStaff;

Furthermore, I also did a test and, if I do the dd(Auth::check()) in my "welcome.blade.php" view, it returns "true", but not in the middleware.


I'll make a video, wait

honest pike

But like, not answering my question 💀


For example, if this route is called through AJAX, with like Axios, then all you might need to do is add the `withCredentials: true` setting

willow lark