I am new to Laravel but I must say I am enjoying it a lot. I have got a task in hand in which i have to crete DB for user (Of Course Like other web app), in which user have privacy setting as they need. For example if a user creates a new post user can choose either he/she can share among there friends, public or make it private. What I cannot decide is:
Do I create a column inside user table and get the privacy setting
Or
Does Laravel has some class that I can implement?
What would be the ideal solution for the problem. I am currently using larval 4.2 version.
Thanks for your help in advance.
Related
I am building a eCommerce platform. Where I have to make several user roles and specific permission for them. I have successfully created admin and default user roles and permission.
But I am getting so much trouble to show the views and menu items based on other user roles like Editor/Manager/CS Team.
I tried to do using different middleware for every one of them. But It's not working efficiently and even at all.
For the Admin role, I created a Admin Middleware where I am checking user role type and giving access. I defined the admin middleware on Route gruop.
Can you suggest me? - how to setup permission/views/menu items efficiently for different user roles?
Thanks in Advance.
Note: I am trying to do it without any package.
Yes you can make your own custom build library by setting roles,permission table in database and as soon as the user log's in you put all that information in session or cache. But doing so might get you in trouble in future coz lack of testing it's all feature, You have to be sure what exactly you are doing to manage it by yourself or else you can use already tested many time library like
laravel-permission
Using a well known and trusted library ensures that it will solve your problem, but take your time to read it's documentation and analyse if it contains all features that you want in your application.
You need to define policy.
Policies are a great way to protect actions on your Eloquent Model. Laravel Policies are the part of Laravel Authorization that helps you to protect resources from unauthorized access.
Please refer this documentation to how to register policy and how it works in views file:
https://www.larashout.com/laravel-policies-controlling-authorization-in-laravel
I'm wondering if someone could shed some light on an issue im having.
I am following a tutorial on Laracasts about building a forum using Laravel ( 5.4 ) and TDD.
At the moment we have developed the authentication system and now its moving on to actually posting a 'thread'.
In the tutorial, only logged in users can post, then the post is associated with the user that posted it.
But, how would i go about allowing non-logged in users to post as well.
What would be the best approach to take to this?
Any help would be greatly appreciated.
Solution, maybe not good : Create anonymous user in your users table (with ID = 0 for example). And after if user is not logged in to post a thread, you use anonymous user, and you store IP address in your thread table.
Storing IP Address will permit you to attribute thread when user will decide to create his account (and replace 0 by the real user_id in the futur)
Laravel Provides an authentication which can be injected in the constructor of your controller .
Check this link for your reference
https://laravel.com/docs/5.4/authentication
or Since your watching Laracast what the Laravel from Scratch the part where jeffrey is creating a Blog
Good Luck
I have a Laravel 5.1 app using Sentinal for security. Right now we're just using the two stock groups, Users and Admins. Recently I invited a colleague to start testing my app, so I created a user for him. I forgot to add him to the Admins group. When he logged on in infinite redirect loop started because the authentication redirect sends users to a route called home, but you can't load home if you aren't in Admins, and get redirected back to login. Which redirects you back to home.
This is a business rule, we only want Admins using the part of the app that they need to authenticate to, but we'd like to do something friendlier than sending a 403 if you aren't an Admin. I would like to send Authenticated Users to a specific route, or even just redirect them to a static page.
I think I've almost worn out Google trying to get a clue about how to do this. Seems like this should be easy-peasy. I could start hacking the vendor code, but I can't believe that there isn't a more graceful way to do this.
Sorry if this is a dumb question. I'm fairly new to Laravel.
OK folks, I got this working. I wrote a piece of middleware called RedirectIfNotAdmin.
I couldn't find a Sentry or Guard property/method that could tell me about group membership, so I made plain ol' eloquent models for my users and groups tables. I created a many-to-many between those models. In my middleware I use Sentry to get a user id, with that I instantiate one of my own User models. In my User model I implemented a method isAdmin() which gets the groups for the User and returns true if one of them is 'Admins'.
If that isAdmin() method returns false, I redirect to a page that explains that the user doesn't have permissions.
Quite a bit more elaborate solution than what I expected I would need to write. I really thought rydurham/sentinal would have this pretty much solved. Maybe Sentinal does have a cleaner solution and I'm too dense to find it. If anybody would like to comment on a better way to solve this, I'm all ears.
I'm trying to build an authentication system in my application, but I'm having some problems in deciding which is the best way I could acomplish what I want in CodeIgniter.
The website allows companies to manage their buildings. A company can have many buildings, and many users (when I say users I mean employees from that company).
In this website I would like two have (basically) four general kind of users.
Super Admin: This would be able to add new admins and new companies to the database, and give privileges to the rest of the admins.
Admin: This would be able to do different stuff depending on the assigned privileges.
Company Super User: This user would be created directly when an admin creates a new company. This user would be able to create new users for that company, and since s/he would have total permissions, he would be able to do everything that the other users can do.
Company User: Depending on the privileges assigned by its super user, this user would be able to do and see different data (for example, a simple user would just be able to see information from one of the many company buildings).
So, even though I've seen many authentication libraries out there for CodeIgniter, it would be nice to hear any recommendations about how I could design this "authentication role based" system, and if you particularly recommend a library that could help to accomplish this.
Appreciate!
There Are many libraries that already handle Authentication within Codeigniter, but the one I would recommend is Ion_Auth. It handles user permissions (groups) very well and I've actually done a detailed writeup outlining a good way to handle this situation with Ion_Auth.
I suggest FlexiAuth library which is a re-modified version of ion Auth, and has lot of features already built in, simply out of the box.
I've been developing a role based authentication system for Codeigniter called WolfAuth, here's the repository. It's still early days, but it sort of works. You can add roles, etc and then restrict functions and classes to particular user roles and usernames.
Use CI_aauth. I like this, this is very good from others auth.
https://github.com/kabircse/CodeIgniter-Aauth
I am doing new project in symfony1.4. Now this project requires users to log-in and browse, and as any project of this type requires a way of restricting users based on roles.
I don't want to implement this in obvious way, i.e to have roles attribute for each user and have pre-defined roles and assign these to users. The problem with this is it's not very flexible as more roles get defined later.
I was thinking on the lines of using an EAV model here, (not sure I can do that in symfony). What you guys think, do you have any better suggestions to make user roles much more flexible when they get added or deleted.
Also, what is the best way to display the page based on user roles, as I want some elements to be hidden according to the roles. Should I compare the role in each page and hide elements on every page? Is there a better solution?
Please shed some light on these.
Thanks
The sfDoctrineGuard plugin (http://www.symfony-project.org/plugins/sfDoctrineGuardPlugin) is a pretty comprehensive way of handling user authentication, groups and credentials. Users can be set permissions either individually or as a group, and access to specific page sections or entire actions can be restricted based on those permissions. You can set new user credentials in the controller code itself, e.g.
<?php
$this->getUser()->setCredential('editor');
?>
And verify that a user has particular permissions in views:
<?php
if ($sf_user->hasCredential('editor')) {
// stuff only for editors
}
?>
This page has lots of extra info on the plugin not covered by the readme file - http://trac.symfony-project.org/wiki/sfGuardPluginExtraDocumentation (although it refers to Propel rather than Doctrine). Also the following series of short tutorials is pretty useful:
http://www.finalconcept.com.au/article/view/symfony-user-management-sfdoctrineguard-installation
http://www.finalconcept.com.au/article/view/symfony-user-management-sfdoctrineguard-administration
http://www.finalconcept.com.au/article/view/symfony-user-management-sfdoctrineguard-securing-actions
And the Symfony tutorial page on users:
http://www.symfony-project.org/jobeet/1_4/Doctrine/en/13