Demo mode allows you to show off your app to people without giving them access to do certain things. The configuration for demo mode can be found in config/lap.php:
'demo' => [
// enable/disable demo mode
'enabled' => env('DEMO_ENABLED', false),
// allow routes with the following methods or uris in demo mode
'whitelist' => [
'methods' => ['get'],
'routes' => ['admin/login', 'admin/logout'],
],
// demo user credentials (populates login form in demo mode)
'user' => [
'email' => env('DEMO_USER_EMAIL', 'admin@example.com'),
'password' => env('DEMO_USER_PASSWORD', 'admin123'),
],
],These are the default demo mode configuration values. As you can see, we currently have demo mode disabled. However, when enabled, we allow any request with a get method, or the admin/login and admin/logout routes. It should be mentioned that the routes do support wildcards e.g. admin/users*.
Out of the box, this should be a good enough setup for most applications if you are using REST routes correctly. What will happen is the user will be able to log in and see everything, but they will get an error message if they try and actually submit anything or view a page that is not allowed directly.
This all happens in the RestrictDemo middleware, which runs on every request. If demo mode is enabled and the requested method/route is not whitelisted, it will either return with a JSON message or throw an authorization exception, depending on the request type.