Hello, I have recently been learning Laravel, but reading the documentation I could not understand the authentication part, and this happens in the part about restricting routes to users. For example, if I have an administrator user who can access these routes:
- mipagina.com/registrar-PRODUCT
- mypage.com/edit-product
- mypage.com/product-management
Another client user who can see the products and buy:
- mipagina.com/listado-de-productos
- mipagina.com/buy-products
How would I make it so that the client user cannot access the administrator's routes? I just need some theories or points to start investigating, since I feel confused with this part. I managed to log in, but any logged-in user can access all the routes.
You don't specify the version of Laravel, but in any case route groups are more appropriate (https://laravel.com/docs/5.7/routing#route-groups).
Example of routes for the admin exclusively:
All the best
As mentioned before, it is best to use a group, but in addition to that, it is also good to add an alias, a namespace and a specific middleware to validate the admin.
All this because generally the admin controllers and routes must be separated from the user routes, and the middleware because the admin user is validated differently from the normal user.
Everything should be more or less like this
In this way all the routes are like this:
mipagina.com/admin/registrar-producto (the admin is added "automatically")
The route names look like this:
admin.registrarProduct
And the path of the controllers like this:
App\Http\Controllers\Admin
Remember that you must create the middleware; here you can find the documentation about it: https://laravel.com/docs/5.7/middleware
Here you can find an interesting article about it: Laravel Route Tips to Improve Your Routing
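
An added example, not code from either answer, of the setup described above for Laravel 5.7: an admin route group with prefix, name alias, namespace and a dedicated middleware, next to the client routes from the question. The class name `EnsureUserIsAdmin`, the middleware key `admin`, the `is_admin` column and the controller and action names are assumptions made for illustration; the three sections belong in the three files named in the comments.

```php
<?php
// ---- app/Http/Middleware/EnsureUserIsAdmin.php (hypothetical class name) ----
namespace App\Http\Middleware;

use Closure;

class EnsureUserIsAdmin
{
    public function handle($request, Closure $next)
    {
        $user = $request->user();

        // Deny by default: guests and non-admins never reach the controller.
        // `is_admin` is an assumed boolean column on the users table.
        if (! $user || ! $user->is_admin) {
            abort(403);
        }

        return $next($request);
    }
}

// ---- app/Http/Kernel.php: add to the $routeMiddleware array ----
// 'admin' => \App\Http\Middleware\EnsureUserIsAdmin::class,

// ---- routes/web.php ----
// Admin only: URLs get the /admin prefix, route names the admin. prefix,
// and controllers resolve under App\Http\Controllers\Admin.
Route::group([
    'prefix'     => 'admin',
    'as'         => 'admin.',
    'namespace'  => 'Admin',
    'middleware' => ['auth', 'admin'], // logged in first, then the admin check
], function () {
    Route::get('registrar-producto', 'ProductController@create')->name('registrarProduct');
    Route::get('edit-product', 'ProductController@edit')->name('editProduct');
    Route::get('product-management', 'ProductController@index')->name('productManagement');
});

// Any logged-in user, clients included (controllers under App\Http\Controllers).
Route::group(['middleware' => 'auth'], function () {
    Route::get('listado-de-productos', 'ProductController@index')->name('productList');
    Route::get('buy-products', 'OrderController@create')->name('buyProducts');
});
```

Because the check runs in middleware on the whole group, a client who requests an admin URL directly gets a 403 response even if no link to it is shown in the views.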