-
-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
best way to define a default route for banned users? #19
Comments
Hello @vesper8! If user is banned
It's just a boilerplate for the most common case. I've added it for quick security solution out of the box. I like the idea to have separate endpoint where user will be redirected as soon as he will be banned and since it's application specific it should be configurable as you said. It could be solved in 2 ways:
Each solution has benefits and drawbacks. But we need to be aware of APIs, because they don't need any redirections and should return Feel free to continue discussion or make PR if you want to see this feature out of the box! |
Well I ended up create a simple route middleware use Closure;
use Illuminate\Contracts\Auth\Guard;
class IsBanned
{
/**
* The Guard implementation.
*
* @var \Illuminate\Contracts\Auth\Guard
*/
protected $auth;
/**
* @param \Illuminate\Contracts\Auth\Guard $auth
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
* @throws \Exception
*/
public function handle($request, Closure $next)
{
$user = $this->auth->user();
if ($user && $user->isBanned()) {
return redirect()->route('account.suspended');
}
return $next($request);
}
And the inside my controller that handles all my authenticated routes, and since I'm still using (and downright still in love with LaravelCollective/annotations All I had to do was add this one line at the top of my controller and problem solved
I suppose it could be useful to have this built-in and documented |
Thanks for sharing it, @vesper8! Right now I'm busy with upgrading 50+ proprietary packages to Laravel 5.6 and then launching brand new project. And only after all this stuff I'm ready to continue to contribute in open source projects. I wouldn't close this issue to have a reminder to add this functionality out of the box. |
I have submitted a pull request for this #63 |
I got your package implemented and working now but I see that when a banned user tries to access a page that requires auth they are just bounced back to the landing page as if they were not authorized
I am not using your forbid-banned-user route middleware because I actually need to allow users to log in so I can show them a customized page telling them they are suspended where I can also retrieve the "comment" added when the ban was done
When users log in I catch that they are banned and send them to this page. But if they then try to navigate to an authorized page then it creates a problem.
I guess I can create a "isBanned" middleware and handle all this. But I thought this should be part of this package.. with a configuration file where one can set the default route to send all users that are both authenticated and banned
Or maybe I'm missing something and this is already baked in ?
The text was updated successfully, but these errors were encountered: