1
votes

My two routes 'admin.media.begin-destroy' and 'admin.media.destroy' fails when middleware => 'auth'.

When trying to access the route 'admin.media.begin-destroy' I will get presented with the login page from the authentication controller, and I cannot get away from that without trying to access another page.

on my development machine it works fine both with and without auth middleware

Here are my routes that are protected:

Route::group(['prefix' => 'admin', 'middleware' => 'auth'], function() {
  Route::get('/', ['as' => 'admin.dashboard', 'uses' => 'Admin\DashboardController@index']);    

  Route::get('show/{show}/toggle',['as' => 'admin.show.toggle','uses'=>'Admin\ShowController@toggle']);
  Route::resource('show', 'Admin\ShowController');

  // The admin.media.begin-destroy and admin.media.destroy fails when middleware => 'auth'
  Route::get('media/begin-destroy-ddd/{id}', ['as' => 'admin.media.begin-destroy', 'uses' => 'Admin\MediaController@beginDestroy']);
  Route::resource('media', 'Admin\MediaController', ['only' => ['index', 'create', 'store', 'destroy']]);

  Route::get('order', ['as'=> 'admin.order.index', 'uses' => 'Admin\OrderController@index']);
  Route::get('order/list-for-modification', ['as' => 'admin.order.list-for-modification', 'uses' => 'Admin\OrderController@listModify']);
  Route::get('order/{order}/begin-destroy', ['as' => 'admin.order.begin-destroy', 'uses' => 'Admin\OrderController@beginDestroy']);
  Route::delete('order/{order}/destroy', ['as' => 'admin.order.destroy', 'uses' => 'Admin\OrderController@destroy']);
});

The controller method for 'admin.media.begin-destroy' and 'admin.media.destroy' are super simple:

public function beginDestroy($filename)
{
    return view('admin.media.begin-destroy', compact('filename'));
}

/**
 * Remove the specified resource from storage.
 *
 * @param  int  $filename
 * @return Response
 */
public function destroy($filename)
{
    Storage::disk('free-media')->delete($filename);
    return redirect()->route('admin.media.index');
}

I am very puzzled why this doesn't work.

Edit!--- Trying to work me around the problem I

/ Moved the problematic routes into its own group with no middleware

Route::group(['prefix' => 'admin'], function() {
  Route::get('media/begin-destroy/{id}', ['as' => 'admin.media.begin-destroy', 'uses' => 'Admin\MediaController@beginDestroy']);
  Route::resource('media', 'Admin\MediaController', ['only' => ['index', 'create', 'store', 'destroy']]);
});

/ Added the middleware registration in the Admin\Mediacontroller Constructor, I cannot add beginDestroy, because it will fail for unknown reason public function __construct() { $this->middleware('auth', ['except' => ['beginDestroy']]); }

// In beginDestroy, I then check for the user, and the User is not logged in WTF

public function beginDestroy($filename)
{
    if (Auth::check())
    {
        return view('admin.media.begin-destroy', compact('filename'));
    }
    // I end up here.
    return "Un-authorized";
}

for this particular use case, it is OK for me to disable the check in beginDestroy, because in the actual destroy code, the auth works again, but what is happening ?

1

1 Answers

1
votes

Changing the Route to have the filename passed using good old question mark made the difference!

This is really more of a workaround than an answer, and I still have no idea why it doesn't work the other way, anyway, here is my workaround that did the trick.

// This works
Route::get('media/begin-destroy', 
  ['as' => 'admin.media.begin-destroy', 
  'uses' => 'Admin\MediaController@beginDestroy']);

// This does not work!
// For reason beyond me, the 'auth' middleware fails here
// and Auth::check() also fails
// (Yes ofcourse I updated the signature accordingly in beginDestroy)
Route::get('media/begin-destroy/{filename}', 
  ['as' => 'admin.media.begin-destroy', 
  'uses' => 'Admin\MediaController@beginDestroy']);