Laravel provides a powerful templating engine known as Blade which allows developers to write their views in a very intuitive way. However, sometimes developers need to restrict certain views and only make them accessible to authenticated users. In this tutorial, we will walk through the steps on how to display views only to logged-in users using Laravel Blade.

Prerequisites

A working Laravel installation

Basic knowledge of Laravel and Blade templating
Understanding of Laravel’s authentication mechanisms

Basic Usage of @auth and @guest in Blade

Blade provides two directives @auth and @guest for quickly checking if the user is authenticated or not. Here’s the simplest example:

<!-- If the user is authenticated -->
@auth
    <p>Welcome back, {{ auth()->user()->name }}!</p>
@endauth

<!-- If the user is a guest -->
@guest
    <p>Please log in to see your profile.</p>
@endguest

The @auth directive checks if there’s a logged-in user, and if so, the code between @auth and @endauth will be rendered. Conversely, @guest checks for visitors that are not authenticated.

Using Authentication Middleware

Middlewares are a great way to filter HTTP requests entering your application. Laravel comes with an auth middleware, which you can apply to routes to make sure that only authenticated users have access to their associated views. Here’s an example of how to use middleware in your route definitions:

Route::get('/profile', function () {
    return view('profile');
})->middleware('auth');

Now, when an unauthenticated user tries to access the /profile route, Laravel will redirect them to the login page.

Checking Authentication in Controllers

Sometimes you may want to check if the user is authenticated within a controller. Here’s how you can do this:

public function showProfile()
{
    if (auth()->check()) {
        return view('profile', ['user' => auth()->user()]);
    } else {
        return redirect('login');
    }
}

This method uses the auth() facade’s check() method to see if the current visitor is authenticated.

Combining Techniques for a More Granular Control

You can combine middleware restrictions with inline Blade directives for more control within your views:

@auth
    <!-- This section will only be shown to logged-in users -->
    @if(auth()->user()->isAdmin())
        <!-- Markup for admin-related content -->
    @else
        <!-- Markup for regular user content -->
    @endif
@endauth

This allows you to show certain parts of a view to all authenticated users, while showing other parts only to particular types of authenticated users.

Creating a Custom Blade Directive for User Roles

If you have an application with multiple user roles, you may want to create custom directives. Here’s an example of how to create a custom directive that only shows content to users with an ‘admin’ role:

Blade::directive('admin', function () {
    return "";
});

Blade::directive('endadmin', function () {
    return "";
});

// Usage in your Blade file
@admin
    <p>This secret admin panel can only be seen by you!</p>
@endadmin

You manually register these directives in a service provider, which allows the code between @admin and @endadmin to execute only when the user is authenticated and has an ‘admin’ role.

Conclusion

In this essential guide, we have navigated through various ways of showing views only to logged-in users using Laravel Blade. Starting with the native Blade directives @auth and @guest, proceeding through route middlewares, to implementing role checks in the controllers, or even creating custom directives for more nuanced control.

Next Article: How to deploy Laravel to DigitalOcean with Laravel Forge

Previous Article: Laravel Example: Defining routes for a social media platform

Series: Laravel & Eloquent Tutorials

PHP