I am new to Laravel, and currently I am developing a job website project using Laravel 5. In the website, in addition to the Admin user, I have three types of users: jobseeker, employer, and training provider, which I want to separate into three tables because each of them stores different information. Plus, each of them should go to a certain allowed logged-in user area. For example, a logged-in job seeker can only work in their allowed area, and the employer and training provider can do the same thing.
Could you advise me how to manage authentication for each table?
Best Regards,
Naren
The best way to manage this in Laravel is to use a plugin. Try this: Laravel ACL
It uses the following tables to manage role-based access for the entire application:
users
role_user
roles
permissions
permission_role
permission_user
By using this module you can manage role-wise as well as individual user permissions.
You can apply the following from Laravel 5.2+:
Use multi authentication. So each type of user has its own model: JobSeeker, Employer, TrainingProvider. They will have their own Guard in middleware for authentication.
Routes are protected via middleware. Some routes are permitted to all, some are personal...
Each role might have the same or different access to some types of actions, e.g. all have access to the JobSeeker profile (to view), but only the JobSeeker can edit the profile. Use the Laravel Policy for this.
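A policy for the view/edit split described in this answer, as an added example that is not part of the original answer. The `App\JobSeeker` model and the policy class name are assumptions taken from the model names the answer suggests.

```php
<?php
// app/Policies/JobSeekerPolicy.php (hypothetical file and class name)
// Register it in AuthServiceProvider::$policies as
//   \App\JobSeeker::class => \App\Policies\JobSeekerPolicy::class
// and call $this->authorize('update', $profile) in the controller.
namespace App\Policies;

use App\JobSeeker; // assumed model namespace

class JobSeekerPolicy
{
    // $user is whichever model the active guard authenticated
    // (JobSeeker, Employer or TrainingProvider), so it is left untyped.
    public function view($user, JobSeeker $profile)
    {
        // Every authenticated user type may view a job seeker profile.
        return true;
    }

    public function update($user, JobSeeker $profile)
    {
        // Check the model class as well as the key. Ids are per table, so
        // Employer #5 and JobSeeker #5 share an id but are different accounts;
        // comparing ids alone would let one edit the other's profile.
        return $user instanceof JobSeeker
            && $user->getKey() === $profile->getKey();
    }
}
```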
Related
I want to create architecture as the follow tree.
Super-Admin
Managers
Editors
Admins
View-Only
Vendors (Can create Vendors profiles)
Super-Admin and Admin also can Create Vendors (Vendors table must be separate)
Vendors can also directly Signup/Signin
Each Vendor have their own users backend users and frontend users.
Backend
Vendor
Managers
Editors
Admins
View-Only
Frontend Users (create frontend users profile)
Frontend Users
Front-end Users can also signup directly from frontend / social-login also allowed
Please help me with how I should manage user auth for this kind of architecture in Laravel.
I want the front-end users table separate, the vendors table separate and the super-admins table separate, just to reduce data length in each table and make it easy to manage.
I don't know how I will make the base structure for this, or how group permissions will work with this complex structure.
Want to use laravel-7+
First look into RBAC (role-based access control) to get an idea of how it works.
Laravel authentication has guards that you can use to authenticate different users from different tables. Just define different guards for each of your tables and use them wherever you want.
Also look at authorization. You can define different gates and policies for different user types to check their role and allow/deny them.
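The guard-per-table setup suggested in this answer and in the earlier multi-authentication answer, as an added example that is not code from either answer. It uses the JobSeeker, Employer and TrainingProvider models named earlier; the guard names, provider names, model namespace, URLs and controller names are assumptions.

```php
<?php
// ---- config/auth.php (excerpt) ----
// One session guard and one Eloquent provider per user table. Each model
// must extend Illuminate\Foundation\Auth\User so a guard can authenticate it.
return [
    'guards' => [
        'jobseeker' => ['driver' => 'session', 'provider' => 'jobseekers'],
        'employer'  => ['driver' => 'session', 'provider' => 'employers'],
        'trainer'   => ['driver' => 'session', 'provider' => 'trainers'],
    ],
    'providers' => [
        'jobseekers' => ['driver' => 'eloquent', 'model' => App\JobSeeker::class],
        'employers'  => ['driver' => 'eloquent', 'model' => App\Employer::class],
        'trainers'   => ['driver' => 'eloquent', 'model' => App\TrainingProvider::class],
    ],
];

// ---- routes/web.php (excerpt, a separate file) ----
// Name the guard on every protected group. A bare 'auth' middleware checks
// only the default guard, so it would not protect the other user types' areas.
Route::group(['middleware' => 'auth:employer', 'prefix' => 'employer'], function () {
    Route::get('dashboard', 'Employer\DashboardController@index');
});

Route::group(['middleware' => 'auth:jobseeker', 'prefix' => 'jobseeker'], function () {
    Route::get('dashboard', 'JobSeeker\DashboardController@index');
});

// Log in against the employers table only, through the employer guard.
Route::post('employer/login', function (\Illuminate\Http\Request $request) {
    if (Auth::guard('employer')->attempt($request->only('email', 'password'))) {
        $request->session()->regenerate(); // issue a fresh session id after login
        return redirect()->intended('employer/dashboard');
    }

    return back()->withErrors(['email' => 'Invalid credentials']);
});
```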
I'm new to Laravel and don't have much experience in it.
There is a scenario of defining access levels in a Laravel project. Our team has decided to use the Spatie package for implementing different access levels.
I know how to implement basic roles and permissions, but in our case we're following an application where we have 3 basic roles:
1. Full Admin
2. Employees
3. Managers
In Employee role we further have sub-roles, like UK-Employees, US-Employees, FullTime-Employees, etc.
These different groups/roles have different permissions, which we can change according to our needs.
On the index page of Access Levels, we can create a new role by deciding which type of role we want to create? Employee/Manager/Custom. On selecting one role, we go to another page and on that page, we get some predefined permissions according to the role type (Employee, Manager or Custom). Further, we can change those permissions to define new roles.
Can anyone suggest how I can implement this scenario using Spatie?
Moreover, if the question is not understandable please suggest edits.
I am building an eCommerce platform, where I have to make several user roles and specific permissions for them. I have successfully created admin and default user roles and permissions.
But I am having a lot of trouble showing the views and menu items based on other user roles like Editor/Manager/CS Team.
I tried using a different middleware for every one of them. But it's not working efficiently, or even at all.
For the Admin role, I created an Admin Middleware where I am checking the user role type and giving access. I defined the admin middleware on a Route group.
Can you suggest how to set up permissions/views/menu items efficiently for different user roles?
Thanks in Advance.
Note: I am trying to do it without any package.
Yes, you can build your own custom library by setting up roles and permissions tables in the database, and as soon as the user logs in you put all that information in the session or cache. But doing so might get you in trouble in the future because of the lack of testing of all its features. You have to be sure what exactly you are doing to manage it by yourself, or else you can use an already well-tested library like
laravel-permission
Using a well-known and trusted library ensures that it will solve your problem, but take your time to read its documentation and analyse whether it contains all the features that you want in your application.
You need to define policy.
Policies are a great way to protect actions on your Eloquent Model. Laravel Policies are the part of Laravel Authorization that helps you to protect resources from unauthorized access.
Please refer to this documentation for how to register a policy and how it works in view files:
https://www.larashout.com/laravel-policies-controlling-authorization-in-laravel
I have a web project which has 3 types of users, say root admin, super admin and kitchen admin. Each user or role has different functionalities: root admin will create super admins and has other small functionalities, in the same way super admin would be creating kitchen admins and has other functionalities, and kitchen admin has its own functionalities, say handling orders.
I wanted to know whether it would be a good idea to make a separate Laravel setup for each user, or whether all these users can be developed in one Laravel setup?
A small lead on this would be a great help since I am new to Laravel.
You could make separate setups for each user. That would work. But it would also be difficult to maintain and you might have to write some functions 3 times (login, logout, CRUD, etc.).
However, you could create a single project using Authorizations. Out of the box, Laravel gives you an easy way to authorize and restrict some actions via Gate or restrict models via Policy. You could also restrict URLs via Middleware. See you have 3 different ways of restricting actions.
My personal preference is Policy because it's bound to the model. You have a list of permissions and give each role their permissions, eg.: 'create_sys_admin'. Then link this permission to the 'root_admin' role. so in your policy you can write:
// Policy method: true when the user's role holds the create_sys_admin permission.
// Assumes permissions is a collection of permission names.
public function createSysAdmin(User $user) {
    return $user->role->permissions->contains('create_sys_admin');
}
With the policy defined, we can check for proper permission in the controller. In any function in your controller you can always check for proper permissions
// The ability name must match the policy method name (createSysAdmin).
if ( Auth::user()->cant('createSysAdmin', User::class) ) {
    return redirect()->back()->withErrors(['authorization' => 'You are not authorized to perform that action']);
}
That was just one way. As I previously said, you have Gates and Middlewares as well. Read more here: https://laravel.com/docs/5.4/authorization
If you want something already made, you can use this package: https://github.com/Zizaco/entrust.
I generated an entity and model, then a CRUD for it using Gii. The default access rules say that only users with the admin role can do the delete action. By default we have 2 users defined in UserIdentity.php: admin/admin and demo/demo. Demo is a common user and admin is an admin user. Authenticating with demo I get "403 Forbidden" on the delete page. So the question is: where is the role set for these default users?
In your access rules array, you need to specify users, not roles. Until you start using the RBAC module, you will have no roles assigned. The tutorial for RBAC shows how to define your roles and assign them to users. What it doesn't tell you is where to populate the files. Read up about data migrations. That is where I populated my files.
These are not default users but default roles. You should read about RBAC.
It depends on how deep you plan to go with your site security. If you are just trying to grant access to specific users from that default users array, you can just configure them through the accessRules method and use the users configuration.
Otherwise, if you actually want a comprehensive role system, you will want to look into RBAC as #oroshnivskyy suggested.