search

Zizaco / entrust

Role-based Permissions for Laravel 5
MIT License
6.05k stars 1.29k forks source link

Entrust::routeNeedsRole ignores Route::group? #146

Open jpgnz opened 10 years ago

jpgnz commented 10 years ago

Attempting to setup multiple domains like so:

www.domain - Front guest domain, no auth. login.domain - Sub domain, handles normal authentication (basically all Confide routes). go.domain - Logged in domain. All requests must be authenticated.

//filters.php
Route::group(array("domain" => 'go.domain'), function()
{
    Entrust::routeNeedsRole( '/*', 'GoAccess', function(){
     if ( Auth::guest() ) // If the user is not logged in
        {
        Session::put( 'loginRedirect', Request::url() );
        return Redirect::to( 'http://login.domain' );
        }
    } );
});

No matter what domain I access, the Entrust::routeNeedsRole seems to be running, causing an obvious redirect loop, as there's no way to login.

Ideas/Workarounds?

jpgnz commented 10 years ago

FWIW, this is how I've managed to get around it:

//filters.php
Route::filter('Auth', function()
{
    if ((Auth::guest()) || (!$user->hasRole("GoAccess"))) // If the user is not logged in/has wrong role
    {
        return Redirect::guest('http://login.domain');
    }
});

//routes.php
Route::group(array(
    'domain' => 'login.domain',
    'before' => 'GoAccess'
    ), function()
{
    Route::get('/', 'GoController@index');
});
Zizaco commented 10 years ago

@jpgnz Good one. I'm going to look on routeNeedsRole implementation. I think there should be a way to test the route against groups.

For now, your workaround seems to be the way to go.

jpgnz commented 10 years ago

Sweet :)

itsazzad commented 9 years ago

Was this bug solved?