twill-navigation default route issues when using different roles

[zedee]

Hi, I've been in a situation like this:

We have two roles: ADMIN and GUEST.
We have two modules: Clients and Projects.
ADMIN role can see Clients and Projects in the navigation menu.
GUEST role only will see Projects.

But in site/config/twill-navigation file, we have the following:

'management' => [
        'title' => 'Management',
        'route' => 'admin.management.clients.index',
        'primary_navigation' => [
            'clients' => [
                'title' => 'Clients',
                'can' => 'manage-module',
                'module' => true,
            ],
            'projects' => [
                'title' => 'Projects',
                'can' => 'manage-module',
                'module' => true,
            ],

When a user with role GUEST logs in, even if it shouldn't see Clients module, it will be redirected to Clients index, as in the config file there's only one route by default.

Is there any way to solve this kind of situations (which in my opinion, is not that exceptional) ? config files are out of Laravel's app() scope, so they're not meant to have logic there, actually it shouldn't have any logic at all. Maybe with a custom admin route middleware? Problem is... modules routes are doing all that magic behind the scenes that I have no idea where to hook this middleware.

[tchapi]

Hi @zedee
Eventhough I have no answer to this question unfortunately, I'm curious to see how you defined your roles and your AuthProvider - I'm looking to do the same in my Twill instance, and I can't manage to find a way. Care to share? Thanks !

[zedee]

Hey @tchapi

Sorry for the late reply!!! I've been ultra-busy these days and haven't the time to give you a detailed answer. Hopefully it's not useless and can be helpful for you :)

I managed to solve it via creating a Middleware

On your app/Http/Middleware folder, create a file named like this: RedirectToModuleOnRole.php, and you can take my code as a template (modify up to your needs, the roles and routes are invented for the sake of exemplification, you can have more routes, roles, and situations, in my case I only had 2 exceptions):

<?php

namespace App\Http\Middleware;

use Closure;

class RedirectToModuleOnRole
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (($request->user()->role === 'YOUR_SPECIFIC_ROLE' || $request->user()->role === 'YOUR_OTHER_SPECIFIC_ROLE') &&
            $request->route()->named('admin.projects.index')) {
            return redirect(route('admin.secretProjects.index'));
        }

        elseif (($request->user()->role === 'YOUR_SPECIFIC_ROLE' || $request->user()->role === 'YOUR_OTHER_SPECIFIC_ROLE') &&
            $request->route()->named('admin.posts.index')) {
            return redirect(route('admin.MagicPosts.index'));
        }

        return $next($request);
    }
}

After that, don't forget to include this middleware on your app/Http/kernel.php file, like this (if your middleware has nothing which needs a higher priority, I like to put the custom things on the end of the array):

protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \App\Http\Middleware\EnsureEmailIsVerified::class,
        'redirect_to_module_on_role' => \App\Http\Middleware\RedirectToModuleOnRole::class //Here goes your custom middleware :)
    ];

[zedee]

@tchapi

I'm curious to see how you defined your roles and your AuthProvider

By the way, answering to your question:

• I followed the instructions on: https://twill.io/docs/#user-management (mandatory follow their steps)
• I copied the contents of ./vendor/area17/twill/src/AuthServiceProvider.php into my app/Providers/AuthServiceProvider.php file as a reference, and modified it to fit my needs, as I have a bit of what can a role do and cannot micromanagement on my app.
• Aaand it worked :)