I’m currently working through my first Adonis project, so bear with me, as this may be a very simple mistake. I’ve scoured Google and Docs for related projects and materials that may be of use, but I can’t find anything.

I used the following as a reference for implementing protected routes based on user roles:

However, something just isn’t right, and I’m not sure where I’ve went wrong.


class UserRole {
  async handle ({ auth }, next) {
    await auth.user.load('role')
    await next()
module.exports = UserRole


const Route = use('Route') => {'groups/new', 'GroupController.create').middleware('auth', 'userRole')


const Group = use('App/Models/Group')

class GroupController {
  // just testing the middleware here
  async create ({ auth, request }) {
    const user = await auth.getUser()
    return {
      user: user,
      role: auth.user.getRelated('role')
module.exports = GroupController


class User extends Model {
  tokens () {
    return this.hasMany('App/Models/Token')

  role () {
    return this.belongsTo('App/Models/Role')
module.exports = User


class Role extends Model {
  user() {
    return this.hasMany('App/Models/User')
module.exports = Role

So when I run a POST through Postman on this endpoint, I guess I expected to get back the user and the role. But this is what I actually got back:

    "user": {
        "id": 1,
        "email": "",
        "password": "$2a$10$Av1xGN2KkP2BJmG35q4y/eIhjtXWkAqblNWGcRd4MZHGrYCJUb6q6",
        "role": null
    "role": null

What I don’t understand is why the "user".role is null, it’s not null in the database (as shown in the pictures), and if I remove userRole middleware from the route "user".role is not null.

At the end of the day, I’m just looking to implement protected routes for certain authenticated users, and am open to suggestions. But ideally, I’d like to fix what I have here.


I’m at a loss here, I literally changed nothing in my code, wiped the entire database (dropped all tables), ran migrations, inserted the same data to the associated tables, and … now it appears to be working.