Return 403 if route is not allowed

Question

I have Route group with middleware (I use Zizaco/entrust package):

Route::group(['as' => 'admin.', 'prefix' => 'admin', 'middleware' => ['role:admin']], function (){
    ...
});

When I try to enter http://mysite/admin while not authenticated I get exception

Symfony \ Component \ HttpKernel \ Exception \ HttpException
No message

But I want to return 403.
I tried to do this:

Route::fallback(function(){
    abort(403);
});

but it didn't helped.

Edit 1: here we have exception handle in Laravel 5.5.28

public function abort($code, $message = '', array $headers = [])
    {
        if ($code == 404) {
            throw new NotFoundHttpException($message);
        }

        throw new HttpException($code, $message, null, $headers);
    }

As you can see, there is no 403 handle.

Mahdi Younesi Mahdi Younesi · Accepted Answer · 2018-01-25T09:02:06

you have to modify handle method of role middleware

public function handle($request, Closure $next, $roles)
{
    if (!is_array($roles)) {
        $roles = explode(self::DELIMITER, $roles);
    }
    if ($this->auth->guest() || !$request->user()->hasRole($roles)) {
        abort(403); // notice here it returns 403
    }
    return $next($request);
}

Return 403 if route is not allowed

1 Answers