I am a bit confused about the Laravel scopes part.
I have a user model and table.
How can I assign a user the role of user, customer and/or admin?
I hav
I know this is a little late, but if you're consuming a backend API in an SPA using the CreateFreshApiToken in web middleware, then you can simply add an 'admin' middleware to your app:
    php artisan make:middleware Admin
Then in \App\Http\Middleware\Admin do the following:
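    // Needs "use Closure;" and "use Illuminate\Support\Facades\Auth;" at the top of the file.
    public function handle($request, Closure $next)
    {
        // Reject any authenticated user whose role is not 'admin'.
        if (Auth::user()->role() !== 'admin') {
            // response()->json() encodes the body and sets Content-Type: application/json.
            return response()->json(['error' => 'Unauthorised'], 401);
        }

        return $next($request);
    }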
Make sure you have added the role method to \App\User to retrieve the user's role.
Now all you need to do is register your middleware in app\Http\Kernel.php $routeMiddleware, like so:
    protected $routeMiddleware = [
        // Other Middleware
        'admin' => \App\Http\Middleware\Admin::class,
    ];
And add that to your route in routes/api.php:
    Route::middleware(['auth:api', 'admin'])->get('/customers', 'Api\CustomersController@index');
Now if you try to access the API without permission you will receive a "401 Unauthorized" error, which you can check for and handle in your app.
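An added example, not part of the original answer: the same check generalised to a parameterised middleware, so one class covers the user, customer and admin roles from the question. The class name `Role`, the `role` alias and the assumption that `role()` returns a single string are hypothetical; it answers 401 when no user is authenticated and 403 when the user is authenticated but lacks the role.

```php
<?php

namespace App\Http\Middleware;

use Closure;

// Hypothetical middleware (not from the answer): allows a request only when
// the authenticated user's role is one of the roles listed on the route.
class Role
{
    public function handle($request, Closure $next, ...$roles)
    {
        // Set by the auth:api guard; null when that guard did not authenticate anyone.
        $user = $request->user();

        if ($user === null) {
            return response()->json(['error' => 'Unauthenticated'], 401);
        }

        // Fail closed: a route that lists no roles admits nobody.
        // Assumption: role() returns a single string such as 'admin'.
        // Strict comparison avoids loose matches such as 0 == 'admin' on older PHP.
        if ($roles === [] || !in_array($user->role(), $roles, true)) {
            return response()->json(['error' => 'Forbidden'], 403);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware (the alias 'role' is an assumption):
//     'role' => \App\Http\Middleware\Role::class,
//
// routes/api.php, admins only:
//     Route::middleware(['auth:api', 'role:admin'])->get('/customers', 'Api\CustomersController@index');
// routes/api.php, admins or customers:
//     Route::middleware(['auth:api', 'role:admin,customer'])->get('/customers', 'Api\CustomersController@index');
```

Keep `auth:api` ahead of `role` in the middleware list so the role check always runs against a user the guard has already authenticated.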