Ich habe den Super‑Admin sauber auf einen eigenen Guard + eigenes Session‑Cookie umgestellt, damit Filament‑Login nicht mehr mit dem Frontend/Event‑Admin geteilt wird.

2025-12-23 09:17:39 +01:00
parent 8267b2bca3
commit 77fc8015e7
4 changed files with 54 additions and 2 deletions
--- a/app/Http/Middleware/UseSuperAdminSession.php
+++ b/app/Http/Middleware/UseSuperAdminSession.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class UseSuperAdminSession
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        config(['session.cookie' => 'super_admin_session']);
+
+        return $next($request);
+    }
+}
--- a/app/Providers/Filament/SuperAdminPanelProvider.php
+++ b/app/Providers/Filament/SuperAdminPanelProvider.php
@@ -11,6 +11,7 @@ use App\Filament\Widgets\PlatformStatsWidget;
 use App\Filament\Widgets\RevenueTrendWidget;
 use App\Filament\Widgets\TopTenantsByRevenue;
 use App\Filament\Widgets\TopTenantsByUploads;
+use App\Http\Middleware\UseSuperAdminSession;
 use Boquizo\FilamentLogViewer\FilamentLogViewerPlugin;
 use Filament\Http\Middleware\Authenticate;
 use Filament\Http\Middleware\DisableBladeIconComponents;
@@ -18,8 +19,8 @@ use Filament\Http\Middleware\DispatchServingFilamentEvent;
 use Filament\Pages;
 use Filament\Panel;
 use Filament\PanelProvider;
-use Filament\Support\Icons\Heroicon;
 use Filament\Support\Colors\Color;
+use Filament\Support\Icons\Heroicon;
 use Filament\Widgets;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Cookie\Middleware\EncryptCookies;
@@ -72,6 +73,7 @@ class SuperAdminPanelProvider extends PanelProvider
            ])
            ->middleware([
                EncryptCookies::class,
+                UseSuperAdminSession::class,
                AddQueuedCookiesToResponse::class,
                StartSession::class,
                AuthenticateSession::class,
@@ -100,7 +102,7 @@ class SuperAdminPanelProvider extends PanelProvider
                Pages\Dashboard::class,
                \App\Filament\SuperAdmin\Pages\WatermarkSettingsPage::class,
            ])
-            ->authGuard('web');
+            ->authGuard('super_admin');

        // SuperAdmin-Zugriff durch custom Middleware, globale Sichtbarkeit ohne Tenant-Isolation
        // Blog-Resources werden durch das Plugin-ServiceProvider automatisch registriert