I'm wondering if someone could shed some light on an issue im having.
I am following a tutorial on Laracasts about building a forum using Laravel ( 5.4 ) and TDD.
At the moment we have developed the authentication system and now its moving on to actually posting a 'thread'.
In the tutorial, only logged in users can post, then the post is associated with the user that posted it.
But, how would i go about allowing non-logged in users to post as well.
What would be the best approach to take to this?
Any help would be greatly appreciated.
Solution, maybe not good : Create anonymous user in your users table (with ID = 0 for example). And after if user is not logged in to post a thread, you use anonymous user, and you store IP address in your thread table.
Storing IP Address will permit you to attribute thread when user will decide to create his account (and replace 0 by the real user_id in the futur)
Laravel Provides an authentication which can be injected in the constructor of your controller .
Check this link for your reference
https://laravel.com/docs/5.4/authentication
or Since your watching Laracast what the Laravel from Scratch the part where jeffrey is creating a Blog
Good Luck
Related
I apologize in advance if you don't understand at any point.
context** I am building a web application in Laravel, although I am very new, I am doing well. I implemented the laravel fotify package for user authentication and others, all perfect. Now, in the same way, I use Laravel Socialite to allow login and registration with Google.
now, according to laravel fortify I can implement email verification, which I did according to the documentation and it works perfect. My question or use case that I would like to solve is:
that users who logged in with google are not asked for this verification, since I consider it a bit redundant, however I still have not found the solution.
In my users table, I have a type_auth field where I store the type of authentication that was done. example: google
My idea is to cancel the verification using this field.
I would appreciate any ideas or if this is impossible.
thank you.
I am building a eCommerce platform. Where I have to make several user roles and specific permission for them. I have successfully created admin and default user roles and permission.
But I am getting so much trouble to show the views and menu items based on other user roles like Editor/Manager/CS Team.
I tried to do using different middleware for every one of them. But It's not working efficiently and even at all.
For the Admin role, I created a Admin Middleware where I am checking user role type and giving access. I defined the admin middleware on Route gruop.
Can you suggest me? - how to setup permission/views/menu items efficiently for different user roles?
Thanks in Advance.
Note: I am trying to do it without any package.
Yes you can make your own custom build library by setting roles,permission table in database and as soon as the user log's in you put all that information in session or cache. But doing so might get you in trouble in future coz lack of testing it's all feature, You have to be sure what exactly you are doing to manage it by yourself or else you can use already tested many time library like
laravel-permission
Using a well known and trusted library ensures that it will solve your problem, but take your time to read it's documentation and analyse if it contains all features that you want in your application.
You need to define policy.
Policies are a great way to protect actions on your Eloquent Model. Laravel Policies are the part of Laravel Authorization that helps you to protect resources from unauthorized access.
Please refer this documentation to how to register policy and how it works in views file:
https://www.larashout.com/laravel-policies-controlling-authorization-in-laravel
I have a Laravel 5.1 app using Sentinal for security. Right now we're just using the two stock groups, Users and Admins. Recently I invited a colleague to start testing my app, so I created a user for him. I forgot to add him to the Admins group. When he logged on in infinite redirect loop started because the authentication redirect sends users to a route called home, but you can't load home if you aren't in Admins, and get redirected back to login. Which redirects you back to home.
This is a business rule, we only want Admins using the part of the app that they need to authenticate to, but we'd like to do something friendlier than sending a 403 if you aren't an Admin. I would like to send Authenticated Users to a specific route, or even just redirect them to a static page.
I think I've almost worn out Google trying to get a clue about how to do this. Seems like this should be easy-peasy. I could start hacking the vendor code, but I can't believe that there isn't a more graceful way to do this.
Sorry if this is a dumb question. I'm fairly new to Laravel.
OK folks, I got this working. I wrote a piece of middleware called RedirectIfNotAdmin.
I couldn't find a Sentry or Guard property/method that could tell me about group membership, so I made plain ol' eloquent models for my users and groups tables. I created a many-to-many between those models. In my middleware I use Sentry to get a user id, with that I instantiate one of my own User models. In my User model I implemented a method isAdmin() which gets the groups for the User and returns true if one of them is 'Admins'.
If that isAdmin() method returns false, I redirect to a page that explains that the user doesn't have permissions.
Quite a bit more elaborate solution than what I expected I would need to write. I really thought rydurham/sentinal would have this pretty much solved. Maybe Sentinal does have a cleaner solution and I'm too dense to find it. If anybody would like to comment on a better way to solve this, I'm all ears.
I am new to Laravel but I must say I am enjoying it a lot. I have got a task in hand in which i have to crete DB for user (Of Course Like other web app), in which user have privacy setting as they need. For example if a user creates a new post user can choose either he/she can share among there friends, public or make it private. What I cannot decide is:
Do I create a column inside user table and get the privacy setting
Or
Does Laravel has some class that I can implement?
What would be the ideal solution for the problem. I am currently using larval 4.2 version.
Thanks for your help in advance.
I need help getting started with some PHP coding. I am writing an app for Facebook that requires voting. I've got the whole framework up and working and I've created functionality where the user can click under a photo to vote on it. The client wants people to be able to vote for as many photos as they like but I need to figure out how to limit it so they can't vote for the same one over and over again.
My first thought was that I would set the SESSION variables to somehow link to the Facebook user's account so the app could identify the person but I'm trying to create more of a 'custom tab' than an actual app. If the only method to do this is by create an app where the user has to opt-in, then so be it, but I was wondering if there's a way to set a cookie and do this without the user logging into to the app or the app having to be opted in to.
As you can tell, I'm pretty new to PHP and MySQL coding so I'm still learning.
Thanks for pointing me in the right direction!
You probably can find what cookies FB uses and hack it to get the user id but it's a bad thing to do and it probably violates FB terms.
A much better approach to create an engaging experience for your users would be to create a FB app and ask your users to accept if they want to vote.
In order to make them have a better experience, I suggest you the following flow:
When the user clicks the voting button, you check if he has accepted your app and prompt him to do so, in case he hasn't.
When he accepts you app, you grab his data, put it in your db and check if there's already a relationship between the user and the thing to be voted and act accordingly (if the user has already voted for that item, you don't compute the double vote and inform him).