A middleware that checks user roles and logs request details.
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
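/**
 * Route middleware that lets a request through only when the current user's
 * role is one of the roles listed on the route.
 *
 * The check fails closed: a request with no user, a user whose role is not a
 * string/int/backed-enum value, or a route that lists no roles is rejected.
 */
class EnsureUserHasRole
{
    /**
     * Reject the request with 403 unless the current user holds an allowed role.
     *
     * @param Request $request  Incoming request; the user is read from $request->user().
     * @param Closure $next     Next handler in the middleware pipeline.
     * @param string ...$roles  Role names accepted for this route, e.g. from 'role:admin,editor'.
     *
     * @return Response The downstream response, or a 403 JSON body when the client expects JSON.
     *                  For other clients abort(403, ...) is called instead of returning.
     */
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        $user = $request->user();
        $role = $user ? $user->role : null;

        // Route parameters always arrive as strings, so normalise the stored
        // role to a string before comparing instead of relying on loose "==".
        if ($role instanceof \BackedEnum) {
            $role = $role->value;
        }
        if (is_int($role)) {
            $role = (string) $role;
        }

        // Strict comparison: with loose in_array() a role of `true`, or a
        // numeric-looking string such as '1e3' against '1000', would match
        // and grant access to a role the user does not hold.
        $isAllowed = is_string($role) && in_array($role, $roles, true);

        if (!$isAllowed) {
            if ($request->expectsJson()) {
                return response()->json(['error' => 'Forbidden'], 403);
            }

            abort(403, 'Unauthorized action.');
        }

        return $next($request);
    }
}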
// Register in bootstrap/app.php:
// ->withMiddleware(function (Middleware $middleware) {
//     $middleware->alias(['role' => EnsureUserHasRole::class]);
// })
//
// Usage in routes:
// Route::get('/admin', AdminController::class)->middleware('role:admin,editor');

Register the middleware alias in bootstrap/app.php. Apply it to routes with ->middleware('role:admin,editor'). It accepts multiple roles as arguments and returns 403 for unauthorized users, including requests with no authenticated user.