My User
model may be anonymous (eg. no e-mail registered, $user->isAnonymous()
). By using the api.auth
middleware both anonymous and fully registered users can access a given route. Now I want to restrict a route, so that anonymous users can not access it.
(Important to notice that "anonymous users" are still authenticated, anonymous does not refer to unauthenticated)
The question is, where should I place this logic to best conform with the Dingo package? Am I looking at making my own middleware, extending Dingo, or maybe making a custom provider for Dingo?
Bonus question: I think the best result would have one middleware (eg. api.auth
) only authorize those users that are not anonymous, and the second middleware (eg. auth.all
) authorize both anonymous and non-anonymous users.
via Zoon