General

We use middlewares to restrict access to certain parts of the NMS.

To secure routes, two types of middlewares are used - the "web" and the "can" middleware. Both are provided by Laravel. If you want to learn more about these middlewares, please look into the official Laravel documentation.

With php artisan route:list command, you get a table with all the routing information as well as a column Middleware:

Generic Routes with Middleware

[nmsprime@nmsprime-demo nmsprime]$ php artisan route:list
+--------+----------+----------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------+------------------------------------------------------+
| Domain | Method   | URI                                                      | Name                                 | Action                                                                                  | Middleware  										   |
+--------+----------+----------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------+------------------------------------------------------+
...
| 		 | GET|HEAD | admin/Contract                                           | Contract.index                       | Modules\ProvBase\Http\Controllers\ContractController@index                              | web,can:view,Modules\ProvBase\Entities\Contract 	   |
|        | POST     | admin/Contract                                           | Contract.store                       | Modules\ProvBase\Http\Controllers\ContractController@store                              | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | GET|HEAD | admin/Contract/autocomplete/{column}                     | Contract.autocomplete                | Modules\ProvBase\Http\Controllers\ContractController@autocomplete_ajax                  | web,can:view,Modules\ProvBase\Entities\Contract      |
|        | GET|HEAD | admin/Contract/create                                    | Contract.create                      | Modules\ProvBase\Http\Controllers\ContractController@create                             | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | POST     | admin/Contract/create                                    | Contract.create                      | Modules\ProvBase\Http\Controllers\ContractController@create                             | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | GET|HEAD | admin/Contract/datatables                                | Contract.data                        | Modules\ProvBase\Http\Controllers\ContractController@index_datatables_ajax              | web,can:view,Modules\ProvBase\Entities\Contract      |
|        | GET|HEAD | admin/Contract/import                                    | Contract.import                      | Modules\ProvBase\Http\Controllers\ContractController@import                             | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | POST     | admin/Contract/import_parse                              | Contract.import_parse                | Modules\ProvBase\Http\Controllers\ContractController@import_parse                       | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | POST     | admin/Contract/import_process                            | Contract.import_process              | Modules\ProvBase\Http\Controllers\ContractController@import_process                     | web,can:create,Modules\ProvBase\Entities\Contract    |
|        | PUT      | admin/Contract/{Contract}                                | Contract.update                      | Modules\ProvBase\Http\Controllers\ContractController@update                             | web,can:update,Modules\ProvBase\Entities\Contract    |
|        | GET|HEAD | admin/Contract/{Contract}                                | Contract.edit                        | Modules\ProvBase\Http\Controllers\ContractController@edit                               | web,can:view,Modules\ProvBase\Entities\Contract      |
|        | DELETE   | admin/Contract/{Contract}                                | Contract.destroy                     | Modules\ProvBase\Http\Controllers\ContractController@destroy                            | web,can:delete,Modules\ProvBase\Entities\Contract    |
|        | PATCH    | admin/Contract/{Contract}                                | Contract.update                      | Modules\ProvBase\Http\Controllers\ContractController@update                             | web,can:update,Modules\ProvBase\Entities\Contract    |
|        | GET|HEAD | admin/Contract/{Contract}/log                            | Contract.guilog                      | \App\Http\Controllers\GuiLogController@filter                                           | web,can:view,Modules\ProvBase\Entities\Contract      |
...

Workflows

Middleware Authentication checking

Login Workflow

Please take care that there are two AuthController's

The routes will define which one is used. This is normal L5 stuff – no magic.

Browser not supported