Middleware

In this example, we create a middleware that checks the user's role based on the 'role' column in the users table.

1. Create Middleware

Use artisan:

php artisan make:middleware RoleMiddleware

This creates the file app/Http/Middleware/RoleMiddleware.php.

2. Edit Middleware Logic

Example RoleMiddleware:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
use Illuminate\Support\Facades\Auth;

class RoleMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next, ...$roles): Response
    {
        $user = Auth::user();

        if (! $user) {
            return redirect()->route('login');
        }

        // Check whether the user's role is in the list of allowed roles.
        // Strict mode (third argument) avoids PHP's loose string comparison.
        if (! in_array($user->role, $roles, true)) {
            abort(403, 'Unauthorized access');
        }

        return $next($request);
    }
}

handle() takes ...$roles (a variadic parameter), so more than one role can be passed when the middleware is attached to a route. See the routes in step 4 for an example.

return $next($request); passes the request on when every check has passed.

3. Register Middleware

In Laravel 11, global middleware and route middleware are registered in bootstrap/app.php, no longer in app/Http/Kernel.php (the Kernel is now minimal).

So open bootstrap/app.php and find this section:

->withMiddleware(function (Middleware $middleware) {
    $middleware->alias([
        'role' => \App\Http\Middleware\RoleMiddleware::class,
    ]);
})

4. Use the Middleware in Routes

Routes can now be protected by role:

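use Illuminate\Support\Facades\Route;
// Controller namespace assumed to be the Laravel default, App\Http\Controllers.
use App\Http\Controllers\AdminController;
use App\Http\Controllers\PengundiController;
use App\Http\Controllers\DatukBandarController;
use App\Http\Controllers\ReportController;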

Route::middleware(['role:admin'])->group(function () {
    Route::get('/admin', [AdminController::class, 'index'])->name('admin.dashboard');
});

Route::middleware(['role:pengundi'])->group(function () {
    Route::get('/pengundi/cabutan', [PengundiController::class, 'cabutan'])->name('pengundi.cabutan');
});

Route::middleware(['role:datukbandar'])->group(function () {
    Route::get('/datukbandar', [DatukBandarController::class, 'dashboard'])->name('datukbandar.dashboard');
});

// a route shared by two roles
Route::middleware(['role:admin,datukbandar'])->group(function () {
    Route::get('/laporan', [ReportController::class, 'index']);
});
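
A feature test that exercises the three outcomes of RoleMiddleware (guest redirect, allowed role, 403), added here as an example and not part of the original page. It assumes the default Tests\TestCase and App\Models\User factory, a named login route, and the role alias from step 3; the /_test/role-check route and the rejected role values are constructed for the test.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class RoleMiddlewareTest extends TestCase
{
    protected function setUp(): void
    {
        parent::setUp();

        // Constructed test-only route, guarded the same way as /laporan in step 4.
        Route::middleware('role:admin,datukbandar')
            ->get('/_test/role-check', fn () => 'ok');
    }

    private function asRole(string $role): static
    {
        // make() keeps the user in memory; actingAs() does not need a database row.
        return $this->actingAs(User::factory()->make(['role' => $role]));
    }

    public function test_guest_is_redirected_to_login(): void
    {
        $this->get('/_test/role-check')->assertRedirect(route('login'));
    }

    public function test_listed_roles_are_allowed(): void
    {
        foreach (['admin', 'datukbandar'] as $role) {
            $this->asRole($role)->get('/_test/role-check')->assertOk();
        }
    }

    public function test_other_roles_get_403(): void
    {
        // Near misses (different case, trailing space, empty role) must not match.
        foreach (['pengundi', 'Admin', 'admin ', ''] as $role) {
            $this->asRole($role)->get('/_test/role-check')->assertForbidden();
        }
    }
}
```

Save it as tests/Feature/RoleMiddlewareTest.php and run it with php artisan test.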