Deny access to everyone but admins - Githubissues

barryvdh / laravel-elfinder

elFinder bundle for Laravel

739 stars 171 forks source link

Deny access to everyone but admins #195

Closed robertnicjoo closed 6 years ago

robertnicjoo commented 7 years ago

Hi, I just installed this package and it works for me but the link such as http://xxxx.dev/elfinder/tinymce4 is open to everyone no matter what!

my config is currently like this

'route' => [
        'prefix' => 'elfinder',
        'middleware' => 'isAdmin', //Set to null to disable middleware filter
    ],

But seems like middleware doesn't work! how i stop people of having access to that link?

matoh commented 7 years ago

Are you sure that middleware isAdmin is working properly?

I have had an issue that was related to the middleware problem - #127 and was solved by adding web middleware to elfinder route configuration.

'route' => [
        'prefix' => 'elfinder',
        'middleware' => ['web', 'isAdmin'], //Set to null to disable middleware filter
],

barryvdh commented 6 years ago

Yeah that should work, but you isAdmin should probably return false when no user is authenticated at all.