Laravel 5 Auth for Restful Resource Controllers to restrict resource to logged in user

Question

I have a pretty basic RESTful address manager. I have user accounts setup with user login all based on Auth and am in the process of integrating entrust but that's beyond the scope of this. For now, I simply want to restrict access to my AddressController to users who are logged in. I'm able to do this on a route using:

Route::get('profile', ['middleware' => 'auth', 'uses' => 'UserController@getProfile']);

However if I try this on my RESTful resource as follows it doesn't work - I don't get an error, but the un-authenticated user can still access the resource.

Route::resource('addresses', 'AddressController', ['middleware' => 'auth']);

manix manix · Accepted Answer · 2015-03-15T22:06:43

Try grouping your resources that should use a specific middleware:

Route::group(['middleware' => 'auth'], function(){
    Route::resource('addresses', 'AddressController');
});

Only you know how your scenario is, but another way to run filters in resources is to call to needed middlewares in the resource's constructor like:

class AddressController extends Controller {

public function __construct()
{
    $this->middleware('auth');
}

Laravel 5 Auth for Restful Resource Controllers to restrict resource to logged in user

1 Answers