# Middleware

# Configuration

The middleware are registered automatically as role, permission and ability . If you want to change or customize them, go to your config/laratrust.php and set the middleware.register value to false and add the following to the routeMiddleware array in app/Http/Kernel.php:

'role' => \Laratrust\Middleware\LaratrustRole::class,
'permission' => \Laratrust\Middleware\LaratrustPermission::class,
'ability' => \Laratrust\Middleware\LaratrustAbility::class,

# Concepts

You can use a middleware to filter routes and route groups by permission, role or ability:

Route::group(['prefix' => 'admin', 'middleware' => ['role:admin']], function() {
    Route::get('/', 'AdminController@welcome');
    Route::get('/manage', ['middleware' => ['permission:manage-admins'], 'uses' => 'AdminController@manageAdmins']);
});

If you use the pipe symbol it will be an OR operation:

'middleware' => ['role:admin|root']
// $user->hasRole(['admin', 'root']);

'middleware' => ['permission:edit-post|edit-user']
// $user->hasRole(['edit-post', 'edit-user']);

To emulate AND functionality you can do:

'middleware' => ['role:owner|writer,require_all']
// $user->hasRole(['owner', 'writer'], true);

'middleware' => ['permission:edit-post|edit-user,require_all']
// $user->isAbleTo(['edit-post', 'edit-user'], true);

For more complex situations use ability middleware which accepts 3 parameters; roles, permissions and options:

'middleware' => ['ability:admin|owner,create-post|edit-user,require_all']
// $user->ability(['admin', 'owner'], ['create-post', 'edit-user'], true)

# Using Different Guards

If you want to use a different guard for the user check you can specify it as an option:

'middleware' => ['role:owner|writer,require_all|guard:api']
'middleware' => ['permission:edit-post|edit-user,guard:some_new_guard']
'middleware' => ['ability:admin|owner,create-post|edit-user,require_all|guard:web']

# Teams

If you are using the teams feature and want to use the middleware checking for your teams, you can use:

'middleware' => ['role:admin|root,my-awesome-team,require_all']
// $user->hasRole(['admin', 'root'], 'my-awesome-team', true);

'middleware' => ['permission:edit-post|edit-user,my-awesome-team,require_all']
// $user->isAbleTo(['edit-post', 'edit-user'], 'my-awesome-team', true);

'middleware' => ['ability:admin|owner,create-post|edit-user,my-awesome-team,require_all']
// $user->ability(['admin', 'owner'], ['create-post', 'edit-user'], 'my-awesome-team', true);

NOTE

The require_all and guard parameters are optional.

# Middleware Return

The middleware supports two types of returns in case the check fails. You can configure the return type and the value in the config/laratrust.php file.

# Abort

By default the middleware aborts with a code 403 but you can customize it by changing the middleware.handlers.abort.code value.

# Redirect

To make a redirection in case the middleware check fails, you will need to change the middleware.handling value to redirect and the middleware.handlers.redirect.url to the route you need to be redirected. Leaving the configuration like this:

'handling' => 'redirect',
'handlers' => [
    'abort' => [
        'code' => 403
    ],
    'redirect' => [
        'url' => '/home',       // Change this to the route you need
        'message' => [          // Key value message to be flashed into the session.
            'key' => 'error',
            'content' => ''     // If the content is empty nothing will be flashed to the session.
        ]
    ]
]