General
We use middlewares to restrict access to certain parts of the NMS.
To secure routes, two types of middlewares are used - the "web" and the "can" middleware. Both are provided by Laravel. If you want to learn more about these middlewares, please look into the official Laravel documentation.
With php artisan route:list command, you get a table with all the routing information as well as a column Middleware:
Generic Routes with Middleware
[nmsprime@nmsprime-demo nmsprime]$ php artisan route:list
+--------+----------+----------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------+------------------------------------------------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+----------+----------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------+------------------------------------------------------+
...
| | GET|HEAD | admin/Contract | Contract.index | Modules\ProvBase\Http\Controllers\ContractController@index | web,can:view,Modules\ProvBase\Entities\Contract |
| | POST | admin/Contract | Contract.store | Modules\ProvBase\Http\Controllers\ContractController@store | web,can:create,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/autocomplete/{column} | Contract.autocomplete | Modules\ProvBase\Http\Controllers\ContractController@autocomplete_ajax | web,can:view,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/create | Contract.create | Modules\ProvBase\Http\Controllers\ContractController@create | web,can:create,Modules\ProvBase\Entities\Contract |
| | POST | admin/Contract/create | Contract.create | Modules\ProvBase\Http\Controllers\ContractController@create | web,can:create,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/datatables | Contract.data | Modules\ProvBase\Http\Controllers\ContractController@index_datatables_ajax | web,can:view,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/import | Contract.import | Modules\ProvBase\Http\Controllers\ContractController@import | web,can:create,Modules\ProvBase\Entities\Contract |
| | POST | admin/Contract/import_parse | Contract.import_parse | Modules\ProvBase\Http\Controllers\ContractController@import_parse | web,can:create,Modules\ProvBase\Entities\Contract |
| | POST | admin/Contract/import_process | Contract.import_process | Modules\ProvBase\Http\Controllers\ContractController@import_process | web,can:create,Modules\ProvBase\Entities\Contract |
| | PUT | admin/Contract/{Contract} | Contract.update | Modules\ProvBase\Http\Controllers\ContractController@update | web,can:update,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/{Contract} | Contract.edit | Modules\ProvBase\Http\Controllers\ContractController@edit | web,can:view,Modules\ProvBase\Entities\Contract |
| | DELETE | admin/Contract/{Contract} | Contract.destroy | Modules\ProvBase\Http\Controllers\ContractController@destroy | web,can:delete,Modules\ProvBase\Entities\Contract |
| | PATCH | admin/Contract/{Contract} | Contract.update | Modules\ProvBase\Http\Controllers\ContractController@update | web,can:update,Modules\ProvBase\Entities\Contract |
| | GET|HEAD | admin/Contract/{Contract}/log | Contract.guilog | \App\Http\Controllers\GuiLogController@filter | web,can:view,Modules\ProvBase\Entities\Contract |
...
Workflows
Middleware Authentication checking
Login Workflow
Please take care that there are two AuthController's
- Admin: https://github.com/nmsprime/nmsprime/blob/dev/app/Http/Controllers/AuthController.php
- CCC: https://github.com/nmsprime/nmsprime/blob/dev/modules/Ccc/Http/Controllers/AuthController.php
The routes will define which one is used. This is normal L5 stuff – no magic.