I'm writing an app that has both client and admin side and I need roles and sub-accounts (for client side) feature.
I understand that there are many of this question but I'm not sure which way to go as I want the admin side too. What would be the best way to do the admin side? what about setting different user groups (ie group client and group admin) or else?
Any thoughts for Laravel5 package or something?
Thank you
Laravel 5.0 comes with a basic Auth system but doesn't comes with ACL.
ACL can be implemented in so many ways based on user requirements it would not make sense to ship an ACL with Laravel core.
There are many ACL on packagist.
Personally the role based access controlled (RBAC) I've used in past project is:
https://github.com/Zizaco/entrust
Related
i'm trying to build a multi tenant API and so far my APIs are working great and i managed to implement multi-tenancy ( using archtechx/tenancy ), authentication with sanctum issuing keys is also working fine.
The application is structured such as there is a central domain example.com, the users that have access to this domain are called "Superadmins", they should be able to access with their API token (issued by sanctum on login) every other subdomain (or tenant) APIs with unrestricted access.
The tenants are on subdomains such as tenant.example.com and have personal databases, one for each tenant.
I was thinking about a couple of solutions to implement this:
let the Superadmin Impersonate an admin of the tenant API and do stuff as that admin
find a way to issue "Master keys" to superadmins that work on every tenant (subdomain)
I would lean towards the second solution because i find it more elegant. I've been searching the web for best practices for this kind of problem/feature but i haven't found anything that matches my question exactly.
In conclusion, is solution number 2 workable? And if so, is there a way to issue such "Master keys" with sanctum?
I'm using:
Laravel 8.48.1
Lighthouse-php as a framework to serve GraphQL through Laravel
Sanctum as Authentication guard
Tenancy for Laravel as a Multi-tenancy package
Master keys
A simple thought: you could set token abilities for Sanctum tokens. Perhaps you could create the ability of master:access or something similar, that function as a Master key? You could grant super admins the master:access ability while creating the API token for them.
This does require the tenant to access the master DB and authorize the ability of that specific key. I do not know the specific implementation of that package, but the Tenancy projects I worked with before provided easy access to the master DB. You could implement some kind of middleware or authorization to check if the user has a token with the master:access ability.
Impersonating users
Your other proposed solution of impersonating, also seems possible and is offered by the package according to the package documentation. This does require every tenant to have some kind of admin user. Since all Superadmins have access to the tenant over 1 shared admin user, I would not advise to go for this option.
I have two laravel app and each has separate authentication (login), now what I want is when the user successfully login to my first laravel app (login laravel app) then the second laravel app (serve as the main app) will authenticate the current logged user (successfully login). It's some sort of a global authentication where I have single separate login laravel app to be used in login and once use has logged in to that laravel app then he can automatically logged to any other app that was bind to that login app. Any ideas, clues, suggestions, recommendations, help please?
Honestly, I know this may not sound helpful, but there are lots of different ways this could be done, so it largely comes down to what your requirements/constraints are.
Things to think about:
How are your sessions currently managed?
Does there need to be a seamless transition or is it acceptable to log out users when the new system is in place?
Do you have the time and resources to implement a future-proofed solution or are you looking for a quick fix?
Do you have a roadmap for future development that might influence your implementation now?
This list is by no means exhaustive!
The answer is hiding somewhere in those questions but it is difficult to propose a true solution without more information. Think through the problem and the solution should present itself.
I'm building a series of web applications to use in a small business. We will be using laravel framework to build these applications. The first app will manage users, authentication and authorization for all future applications.
I have 2 doubts:
Is there some best pratice / model for this auth integration? How can I tell app B that the user is authenticated and has access to it? I want to build different laravel apps in order to make it easier to maintain, but (at least for now) they'll run in the same server.
Is it possible to make this integration with another php, non-laravel app? I have one legacy webapp, I'm trying to write the session data that authenticates it inside my laravel code and redirecting the user to the app, but the session data apparently isn't "persisting".
Thanks in advance.
It sounds like you are building a micro service architecture if you follow this methodology there is no reason your apps or services even have to be written in the same language as long as they and all interact using RESTful services.
More reading:
http://martinfowler.com/articles/microservices.html
I'm developing a system using Yii framework and mysql
and after finishing it i'm going to develop another one.
Those two systems should be shared with the same authentication module.
And maybe there are more systems coming up.
But I don't want to have two separate module for each project doing the authentication and authorization and I don't want to assign each user two passwords.
I'm searching for a mechanism to make the A&A process done with one external and shared system and let those two systems communicate with this system to get the rights for the current logged in user.
You need to implement SSO (Single Sign On) or to use some other method to overcome this.
Check here for a simple guide on how to implement SSO: http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/
Also check some enterprise implementations like http://www.onelogin.com/
Finally some open source implementations will probably help you like https://github.com/jasny/sso
I have a php application that I need to add Authentication system and some sort of an ACL.
for the authentication part I choose oAuth based login systems, I will initially support login via Facebook connect.
once the user is authenticated I would like to grant and deny access rights to various part of the application. I need to have these setting persistance over a database.
can you recommend some ACL classes/frameworks that are lightweight and easy to implement ? if they have some sort of a frontend to edit permission that would save me a bunch of time.
thanks!
Don't know about the frontend, you probably could find one, but Zend_Acl and Zend_Auth can be used independently of anything else in the framework.