i don't know the syntax of php 7 i'm actually new to it
i'm trying to pass roles like ['admin','user','cmc'] to route middleware like shown below how do i do it properly
this is my route
Route::get('/dashboard','HomeController#dashboard')->name('dashboard')->middleware("roles:['admin','user']");
//how do i pass array of roles in it
//role middleware
<?php
namespace App\Http\Middleware;
use Closure;
use App\Role;
use Illuminate\Support\Facades\Log;
class Roles
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next,$role)
{
Log::info($role);
if($request->user()==null){
return response('unauthorised Access detected',401);
}
//check for any role passed from array
if($request->user()->hasAnyRole($role)){
return $next($request);
}
return response('unauthorised Access detected',401);
}
}
//usermodel
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, Notifiable;
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'name', 'email', 'password',
];
/**
* The attributes that should be hidden for arrays.
*
* #var array
*/
protected $hidden = [
'password', 'remember_token',
];
public function role(){
return $this->hasMany(Role::class);
}
public function hasANyRole($roles){
if(is_array($roles)){
foreach($roles as $role){
if($this->hasRole($role)){
return true;
}
}return false;
}else{
if($this->hasRole($roles)){
return true;
}
return false;
}
}
public function hasRole($role){
if($this->role()->where('role',$role)->first()){
return true;
}
return false;
}
public function getRole(){
return $this->role()->select('role')->get();
}
}
how do i pass role like ['admin','user','cmc'] some thing like this into the middleware of role
the problem is i can only get the first value in the array and the rest is not there
can some one get me out of this
I had a similar situation where I wanted to check if a user is an owner or admin before visiting a route; so I didn't need duplicate routes, and needed to pass an array instead of set single parameters.
I went down the route of sending a single paramter but using an | as a delimiter to explode on the middlewhere class.
In the route I had this for the route group
Route::group(['middleware' => ['checkRole:admin|owner']], function () {
and then in the middlewhere I used explode
$roles = explode('|', $permitted_roles);
Simple looped through the roles array to check if the user had one of the roles :) Hope this helps. Simple and easy for what I needed.
Related
I've read part of the Laravel docs for events and closures for models, I've got various models in my project whereby a user may have data linked to them in another table by a user_id column, the user_id column that I have in my various tables is structured as an unsigned integer (I'm aware I could've gone with a foreignId column by kind of a legacy approach here)
It looks like:
$table->integer('user_id')->unsigned()->nullable()->index();
I'd like to delete user data by their ID within these other tables and rather than creating a delete function and grabbing each model I want to delete data against, I've utilised the closure booted function and what I believe to be an event to listen and delete related model data, but I experience an error when trying to delete my user account, other data in other tables isn't deleted, the error I get is:
Call to undefined method App\Models\User::releationship()
My user model looks like:
<?php
namespace App\Models;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Database\Eloquent\Model;
use Tymon\JWTAuth\Contracts\JWTSubject;
class User extends Authenticatable implements JWTSubject, MustVerifyEmail
{
use Notifiable, SoftDeletes;
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'first_name', 'last_name', 'email', 'password'
];
/**
* The attributes that should be hidden for arrays.
*
* #var array
*/
protected $hidden = [
'password', 'remember_token'
];
/**
* The attributes that should be cast to native types.
*
* #var array
*/
protected $casts = [
'email_verified_at' => 'datetime'
];
/**
* Get the identifier that will be stored in the subject claim of the JWT.
*
* #return mixed
*/
public function getJWTIdentifier()
{
return $this->getKey();
}
/**
* Return a key value array, containing any custom claims to be added to the JWT.
*
* #return array
*/
public function getJWTCustomClaims()
{
return [];
}
/**
* Route notifications for the Slack channel.
*
* #param \Illuminate\Notifications\Notification $notification
* #return string
*/
public function routeNotificationForSlack($notification)
{
$url = $this->slack_webhook;
$webhook = (isset($url) && !empty($url)) ? $url : null;
return $webhook;
}
/**
* The "booted" method of the model.
*
* #return void
*/
protected static function booted()
{
static::deleted(function ($model) {
$model->relationship()->delete();
});
}
}
And an example (of many) model I have, UptimeChecks looks like:
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
class UptimeChecks extends Model
{
/**
* The table associated with the model.
*
* #var string
*/
protected $table = 'uptime_checks';
/**
* Join user table
*/
public function user()
{
return $this->belongsTo('App\User');
}
}
All is then kicked off by a deleteAccount function in my API, which is deleting the user's account, but isn't deleting data in other tables. What am I missing and how could I do a check to make sure other data is deleted before confirming to the user that their account and linked data is gone?
/**
* Delete account
*
* #return Response
*/
public function deleteAccount(Request $request)
{
// attempt to delete account
try {
$user = User::findOrFail(Auth::id());
$user->delete();
// everything went okay!
return response()->json(['success' => true, 'message' => 'Your account has been deleted'], 200);
} catch (Exception $e) {
// catch the error
return response()->json(['success' => false, 'message' => 'We was unable to delete your account at this time'], 422);
}
}
In Laravel, when doing $model->relationship()->delete(); you will need to have the relationship defined and relationship() seems like it is copy pasted code snippet. Simply add the relationship to your User model.
class User extends Authenticatable implements JWTSubject, MustVerifyEmail
{
...
public function uptimeChecks() {
return $this->hasMany(UptimeChecks::class);
}
}
Now you can access and delete the relationship in your boot method.
$model->uptimeChecks()->delete();
You need to create a function in User.php
public function uptimeCheck()
{
return $this->hasOne('App\UptimeChecks');
}
and change the boot function
$model->uptimeCheck()->delete();
This way you need to do for all related relations.
This probably should be: $model->user()->delete() instead. There's nothing else.
If this shouldn't be the intention, reconsider the direction of the relationship.
I'm a beginner in laravel framework,I am in the course of developing an API,and I want to select from users table balance of user when I get her Id in api So I do what I found in documentations in my contoller and i use postman to test my work but always I get a error
this is my controller:
<?php
namespace App\Http\Controllers;
use App\User;
use Illuminate\Http\Request;
class MyBalanceController extends Controller
{
public function index(Request $request)
{
# code...
// $Ads = ads::all();
// return $this->sendResponse($Ads->toArray(), 'Ads read succesfully');
// This is the name of the column you wish to search
$input = $request->all();
$validator = Validator::make($input, [
'user_id'=> 'required'
] );
$Cards = User::where('user_id','=', $request->user_id)->pluck('balance')->toArray();
//$user = Auth::user();
// $Cards = DB::select('select balance from users where id = :id', ['id' => 1]);
return response()->json(['Cards'=>$Cards]);
}
}
this is my modal :
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable implements JWTSubject
{
use Notifiable;
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'name', 'email', 'password','username','lastname','tel','adress','balance'
];
/**
* The attributes that should be hidden for arrays.
*
* #var array
*/
protected $hidden = [
'password', 'remember_token',
];
/**
* Get the identifier that will be stored in the subject claim of the JWT.
*
* #return mixed
*/
public function getJWTIdentifier()
{
return $this->getKey();
}
/**
* Return a key value array, containing any custom claims to be added to the JWT.
*
* #return array
*/
public function getJWTCustomClaims()
{
return [];
}
}
At first you can go to your .env file and set APP_DEBUG to true so you can see your exceptions when developing your app.
Regarding your problem try
$balance = User::findOrFail($request->user_id)->balance;
return response()->json($balance);
If no user was found with that id then a 404 HTTP error will be thrown
I am new in Laravel. I am developing an application from scratch as of now I just used laravel auth i.e (php artisan make:auth).
My requirement is to pull data for a loggedin user from a table i.e "admin" into my custom middleware but I am unable to call function which is defined in my Model i.e "Admin" file.
MODEL FILE :- app\Admin.php
<?php
namespace App;
use Illuminate\Foundation\Auth\User as Authenticatable;
class Admin extends Authenticatable
{
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'name', 'email', 'password',
];
/**
* The attributes that should be hidden for arrays.
*
* #var array
*/
protected $hidden = [
'password', 'remember_token',
];
public function roles()
{
return $this->belongsToMany('App\Role', 'admin_role', 'admin_id', 'role_id');
}
public function hasAnyRole($roles)
{
if (is_array($roles)) {
foreach ($roles as $role) {
if ($this->hasRole($role)) {
return true;
}
}
} else {
if ($this->hasRole($roles)) {
return true;
}
}
return false;
}
public function hasRole($role)
{
if ($this->roles()->where('name', $role)->first()) {
return true;
}
return false;
}
public function myfunction($val)
{
echo "===>".$val; exit ;
}
}
MIDDLEWARE FILE :- app\Http\Middleware\CheckRole.php
<?php
namespace App\Http\Middleware;
use Closure;
class CheckRole
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$request->admin->myfunction('customvalue');
exit ;
}
}
I need to call function i.e "myfunction" which is define in Admin model into Checkrole.php middleware.
Thanks
try
auth()->user()->myfunction();
from the middleware. ( I am assuming you have an authenticated user at this point)
I want to basic authenticate if User is Admin then Request next otherwise redirect to homepage
User.php:
<?php
namespace App;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'name', 'email', 'password','role_id','is_active','photo_id',
];
/**
* The attributes that should be hidden for arrays.
*
* #var array
*/
protected $hidden = [
'password', 'remember_token',
];
public function role(){
return $this->belongsTo('App\Role');
}
public function photo(){
return $this->belongsTo('App\Photo');
}
public function isAdmin(){
if ($this->role()->name=="administrator"){
return true;
}
return false;
}
}
last function is isAdmin()
Admin.php (this is middleware):
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class Admin
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (Auth::check()){
if (Auth::user()->isAdmin()){
return $next($request);
}
}
return redirect('/');
}
}
routes.php:
<?php
Route::get('/', function () {
return view('welcome');
});
Route::get('/admin',function(){
return view('admin.index');
});
Route::group(['middleware'=>'admin'],function(){
Route::resource('/admin/users','AdminUsersController');
});
Route::auth();
Route::get('/home', 'HomeController#index');
I get the following error:
FatalErrorException in Admin.php line 21:
Call to a member function isAdmin() on null
I also added 'admin' =>\App\Http\Middleware\Admin::class, in kernel.php and imported the class in Admin.php.
This is because of no user session. Middleware works only when user is login. So you need to login first and then check for middleware
Auth::user() return null if user is not authenticated.
to solve this issue use Illuminate/Support/Optional as follows
optional(Auth::user())->isAdmin()
if Auth::user() return null then the isAdmin() will never be called.
Please try this: change your method to static on User.php model.
static function isAdmin(){
if ($this->role()->name=="administrator"){
return true;
}
return false;
}
Next: Modify middleware it should work.
<?php
namespace App\Http\Middleware;
use Closure;
class Admin
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (auth()->check()){
if (\Admin::isAdmin()){
return $next($request);
}
}
return abort(404); //redirect the user to not found page.
}
}
Because you do not have any role, first insert some data in the roles table.
I tried to create middleware to control the access of users, why I created a table roles may I have this error
Undefined property: Illuminate\Database\Eloquent\Builder::$role_name
User model
<?php
namespace App;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'name', 'email', 'password',
];
/**
* The attributes that should be hidden for arrays.
*
* #var array
*/
protected $hidden = [
'password', 'remember_token',
];
public function roles(){
return $this->belongsTo('App\Role','role_id','id');
}
public function hasRole($title){
$user_role=$this->with('roles');
if(!is_null($user_role)){
$user_role=$user_role->role_name;
}
return ($user_role==$title)?true:false;
}
}
the middleware create
<?php
namespace App\Http\Middleware;
use Closure;
class create
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next,$Admin,$SuperAdmin)
{
$User=$request->user();
return ($User->hasRole($SuperAdmin)||$User->hasRole($Admin))?$next($request):response(view('errors.401'),401);
}
}
What you what to do is to receive the relation object. You can do it in this way:
public function hasRole($title){
$user_role = '';
if(!is_null($this->roles)){
$user_role=$this->roles->role_name;
}
return ($user_role==$title)?true:false;
}
The with(...) statment is useful for receiving relation when you're working on collection of elements (eager load constraint).