
Multi-tenancy

Many real-world applications need more than one type (or role) of user, for example a mentor and a mentee.

You can set up separate protected route groups:

  • one that only allows mentors (authenticated users of type mentor)
  • one that only allows mentees (authenticated users of type mentee)

Do this by creating one middleware for each of the two types (or a single middleware that takes an argument):

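<?php

class MentorAuthMiddleware
{
    /**
     * Allow the request only for an authenticated user of type mentor.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = \Auth::user();

        // Reject when there is no user or the type is not exactly 'mentor'.
        if (!$user || $user->type !== 'mentor') {
            return response()->error('Not Authorized', 401);
        }

        return $next($request);
    }
}

<?php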

class MenteeAuthMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = \Auth::user();

        if (!$user || $user->type !== 'mentee') {
            return response()->error('Not Authorized', 401);
        }

        return $next($request);
    }
}


Don't forget to register these middlewares in your Http Kernel, under the aliases `auth.mentor` and `auth.mentee` that the routes refer to.

And then you can use them in your routes.php:

<?php

//Public endpoints
$api->group([], function ($api) {
  
});

//Protected endpoints (Mentor or Mentee)
$api->group(['middleware' => 'api.auth'], function ($api) {
  
});

//Protected: Mentor only
$api->group(['middleware' => ['api.auth', 'auth.mentor']], function ($api) {
  
});

//Protected: Mentee only
$api->group(['middleware' => ['api.auth', 'auth.mentee']], function ($api) {
  
});
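
The single-middleware variant mentioned above ("1 middleware with an argument"), as an added example that is not the project's own code. The class name `UserTypeMiddleware` and the alias `auth.type` are assumptions, and it relies on Laravel's `alias:param1,param2` middleware-parameter syntax and on PHP 5.6+ for the variadic argument.

```php
<?php

// Added example: one parameterised middleware instead of one class per type.
// The class name and the 'auth.type' alias are assumptions, not project names.
class UserTypeMiddleware
{
    /**
     * Allow the request only if the authenticated user's type is one of $types.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string  ...$types  Allowed types, e.g. 'mentor' or 'mentee'
     * @return mixed
     */
    public function handle($request, Closure $next, ...$types)
    {
        // Fail closed: a route that forgets to pass a type allows nobody.
        if (empty($types)) {
            return response()->error('Not Authorized', 401);
        }

        $user = \Auth::user();

        // Strict comparison so a null or non-string type never matches.
        if (!$user || !in_array($user->type, $types, true)) {
            return response()->error('Not Authorized', 401);
        }

        return $next($request);
    }
}

// Http Kernel, route middleware list (alias is an assumption):
//     'auth.type' => UserTypeMiddleware::class,
//
// routes.php:
//     Mentor only:
//     $api->group(['middleware' => ['api.auth', 'auth.type:mentor']], function ($api) { ... });
//     Mentee only:
//     $api->group(['middleware' => ['api.auth', 'auth.type:mentee']], function ($api) { ... });
//     Either type, checked explicitly:
//     $api->group(['middleware' => ['api.auth', 'auth.type:mentor,mentee']], function ($api) { ... });
```

Because the allowed types are listed on the route itself, a reviewer can see who may reach each group by reading routes.php alone.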