admin role only via Auth
I had implemented entrust for roles and permissions. I have 3 roles: super-admin, admin and customer.
Super Admin has access to the web app (e.g. www.myurl.com)
Admin has access through the API only, i.e. the mobile app (e.g. www.myurl.com/api/login), via the api.php route
Customer has access through the API, i.e. the mobile app
Now, I found a bug: when an admin tries to log in via www.myurl.com.login with his credentials, he is allowed to log in!!!
On further investigation, I found that I need to change the login method and add a role check during login, but I'm unable to get it working. I changed the login function as below, but admins and customers are still able to log in!!

    public function login(Request $request)
    {
        $this->validateLogin($request);

        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);
            return $this->sendLockoutResponse($request);
        }

        // I updated the following code of the default login function.
        $checkAdmin = $this->attemptLogin($request);
        $isAdmin = Auth::user();
        if ($checkAdmin && $isAdmin->hasRole('super')) {
            // With super-admin, if I do dd('hi') here, I am getting control
            return $this->sendLoginResponse($request);
        }
        // But for other roles, it is directly taking them to the super-admin (home) page!!
        // .
        // . Rest of the login function...

I tried dd(1) to trace the flow: for the super-user I got the dd response, while for other users it was not going into that block and was redirecting non-super-admin roles to the home page!!
I am using Laravel 5.4 and the entrust package for roles.
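
An added example, not part of the original post: a `LoginController` for Laravel 5.4 that revokes the session when the credentials are valid but the role is not allowed on the web login. It assumes the stock `AuthenticatesUsers` trait and Entrust's `hasRole()` on the user model; the `WEB_ROLE` constant is a hypothetical name, and its value `'super'` is copied from the question's code.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    // Assumption: role name copied from the hasRole('super') call in the question.
    const WEB_ROLE = 'super';

    protected $redirectTo = '/home';

    public function __construct()
    {
        $this->middleware('guest', ['except' => 'logout']);
    }

    public function login(Request $request)
    {
        $this->validateLogin($request);

        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);
            return $this->sendLockoutResponse($request);
        }

        // attemptLogin() does more than verify the password: on success the
        // guard has already written the user into the session.
        if ($this->attemptLogin($request)) {
            if ($this->guard()->user()->hasRole(self::WEB_ROLE)) {
                return $this->sendLoginResponse($request);
            }
            // Correct password, wrong role: undo the login that attemptLogin()
            // just performed, otherwise the session stays authenticated and the
            // "guest" middleware sends the user on to the home page.
            $this->guard()->logout();
            $request->session()->flush();
            $request->session()->regenerate();
        }

        // Same response for a bad password and a disallowed role, and both
        // count towards the throttle.
        $this->incrementLoginAttempts($request);
        return $this->sendFailedLoginResponse($request);
    }
}
```

A check at login time does not cover sessions that already exist, so the web routes should also enforce the role on every request, for example with Entrust's role middleware.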