Security

Restricting CMS Access

Enso comes with an enso middleware group. By default this only includes the Illuminate\Auth\Middleware\Authenticate middleware, which ensures that only logged-in users can see the CMS.

You can add your own middleware to this group by doing something like this in your service provider:

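$router = $this->app['router'];
// The leading backslash resolves the class from the global namespace rather than relative to the provider's own namespace.
$router->pushMiddlewareToGroup('enso', \App\Http\Middleware\MyFancyMiddleware::class);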

You may want to do this to, for example, check that users have an admin role.
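
A sketch of such a role check, added here as an example and not part of Enso's own code. The EnsureUserIsAdmin class name and the string role attribute on the user model are assumptions; it would be registered with the pushMiddlewareToGroup call shown above.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

// Hypothetical middleware (not shipped with Enso): only lets admin users into the CMS.
class EnsureUserIsAdmin
{
    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();

        // pushMiddlewareToGroup() appends to the group, so Authenticate has
        // already run. Fail closed anyway in case this middleware is ever
        // attached to a route outside the 'enso' group.
        if ($user === null) {
            abort(401);
        }

        // Assumption: the user model exposes a string 'role' attribute.
        // Strict comparison, so null, 0 or an empty string never pass as 'admin'.
        if ($user->role !== 'admin') {
            abort(403);
        }

        return $next($request);
    }
}
```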

Preventing Registration

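If you are going to use the default auth-only setup, you should ensure that users are unable to register. Otherwise anyone who can reach the registration form can create an account, log in, and pass the Authenticate check. One way to do this is to override the registration methods in your registration controller (App\Http\Controllers\Auth\RegisterController in Laravel's default auth scaffolding) so that they return a 404: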

public function showRegistrationForm()
{
    abort(404);
}

public function register()
{
    abort(404);
}