Laravel's middleware system gains significant flexibility through parameterization, enabling dynamic behavior based on runtime data. This is especially valuable for scenarios like role-based access control, rate limiting, or any situation demanding configurable middleware logic.
Here's an example demonstrating role-based route protection using parameterized middleware:
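```php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnsureUserHasRole
{
    // Every value after the ":" in the route definition arrives in $roles.
    public function handle(Request $request, Closure $next, string ...$roles)
    {
        // The null-safe call returns null for an unauthenticated request,
        // so guests fall through to the 403 response as well.
        if (!$request->user()?->hasAnyRole($roles)) {
            return response()->json(['error' => 'Insufficient permissions'], 403);
        }

        return $next($request);
    }
}
```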
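This middleware checks whether the authenticated user possesses any of the specified roles. A request with no authenticated user is rejected with the same 403 response, because the null-safe call evaluates to null. Note that `hasAnyRole()` is not defined on Laravel's base User model, so the application (or a roles package) must supply it. Let's see how the middleware is used in a route definition: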
```php
use App\Http\Controllers\PostController;
use App\Http\Middleware\EnsureUserHasRole;
use Illuminate\Support\Facades\Route;

Route::prefix('posts')->group(function () {
    // Public routes
    Route::get('/', [PostController::class, 'index']);

    // Editor routes
    Route::put('/{id}', [PostController::class, 'update'])
        ->middleware(EnsureUserHasRole::class . ':editor');
    Route::post('/', [PostController::class, 'store'])
        ->middleware(EnsureUserHasRole::class . ':editor');

    // Admin routes
    Route::delete('/{id}', [PostController::class, 'destroy'])
        ->middleware(EnsureUserHasRole::class . ':admin');
});
```
The `:editor` and `:admin` parameters passed to the middleware dynamically determine the required roles. This approach maintains clean routes and controllers while implementing sophisticated authorization. The power of parameterized middleware lies in its ability to inject context-specific data into the middleware's logic, resulting in more adaptable and maintainable code.
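To see which requests the role check above lets through, the following added example (not code from the original article or from Laravel) models the decision in stand-alone PHP 8. `StubUser`, `splitMiddleware()` and `decide()` are hypothetical names, the splitter is a simplified stand-in for how the parameter string becomes arguments, and `hasAnyRole()` is assumed to be an exact, case-sensitive match.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the application's User model. hasAnyRole() is
// assumed to be an exact, case-sensitive match against the assigned roles.
final class StubUser
{
    public function __construct(private array $roles) {}

    public function hasAnyRole(array $roles): bool
    {
        return array_intersect($roles, $this->roles) !== [];
    }
}

// Simplified stand-in: "Name:a,b" becomes ['Name', ['a', 'b']].
function splitMiddleware(string $definition): array
{
    [$name, $params] = array_pad(explode(':', $definition, 2), 2, '');
    return [$name, $params === '' ? [] : explode(',', $params)];
}

// Same decision as EnsureUserHasRole::handle(): 403 unless a user exists
// and holds at least one of the listed roles.
function decide(?StubUser $user, string ...$roles): int
{
    return $user?->hasAnyRole($roles) ? 200 : 403;
}

// Constructed sample cases: [label, user, middleware string on the route].
$cases = [
    ['guest',  null,                     'EnsureUserHasRole:editor'],
    ['author', new StubUser(['author']), 'EnsureUserHasRole:editor'],
    ['editor', new StubUser(['editor']), 'EnsureUserHasRole:editor'],
    ['admin',  new StubUser(['admin']),  'EnsureUserHasRole:editor'],
    ['admin',  new StubUser(['admin']),  'EnsureUserHasRole:editor,admin'],
    ['admin',  new StubUser(['admin']),  'EnsureUserHasRole'],
];

foreach ($cases as [$label, $user, $definition]) {
    [, $roles] = splitMiddleware($definition);
    printf("%-7s %-32s => %d\n", $label, $definition, decide($user, ...$roles));
}
```

With this stub, roles are matched independently rather than hierarchically, so an admin-only user is refused on a route that lists only `editor`, and a route that attaches the middleware with no parameter refuses everyone.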