My User model may be anonymous (eg. no e-mail registered, $user->isAnonymous()). By using the api.auth middleware both anonymous and fully registered users can access a given route. Now I want to restrict a route, so that anonymous users can not access it.
(Important to notice that "anonymous users" are still authenticated, anonymous does not refer to unauthenticated)
The question is, where should I place this logic to best conform with the Dingo package? Am I looking at making my own middleware, extending Dingo, or maybe making a custom provider for Dingo?
Bonus question: I think the best result would have one middleware (eg. api.auth) only authorize those users that are not anonymous, and the second middleware (eg. auth.all) authorize both anonymous and non-anonymous users.
via Zoon
