Laravel 4 with Sentry 2 for ACL
Note: I am using laravel functions for login, but need sentry only for ACL purpose, to check permissions
Want to achieve this:
if ( Sentry::getUser()->hasAnyAccess(['system']) )
{
echo 'has access to system';
}
but i keep getting the following error:
Sentry::getUser()->hasAnyAccess(['system']); //this hits error: Call to a member function hasAnyAccess() on a non-object
The way Sentry2 does authentication is not compatible with Laravel's built in authentication system. As far as I understand Laravel's built in authentication system and Sentry2 set different session keys to store the details of the logged in user. So it is not possible to use Sentry2 to pull up the details about laravel authenticated user. But, given that you use the same database table for both User model and the model used with Sentry2 this should work.
Sentry::findById(Auth::user()->id)->hasAnyAccess(['system'])
If you want to use Sentry in built in auth compatible way you may want to check this package.
https://bitbucket.org/hampel/sentry-auth-driver-for-laravel
If you interested there is a laravel package that integrates sentry with an admin panel: https://github.com/intrip/laravel-authentication-acl
The problem here is that Laravel Auth and Sentry do not use the same variables to store user information, so when you authenticate with Laravel's Auth::attempt(), Sentry::getUser() will still return null.
The opposite is also true - if you authenticate with Sentry::authenticate(), Auth::user() does not return an object.
The simplest solution is to do an all-or-nothing approach to authentication; either swap out the Laravel portions for Sentry, or vice verse.
One way I've implemented role based ACL in native Laravel is by adding a roles table to the database which has a name column on it + a pivot table, then adding this access checking code to my User driver. That code allows me to check ACLs via syntax like Auth::user()->is(["admin", "publisher"]), etc.
Related
First important information: I’m new to Laravel, so your patience is appreciated.
I’m currently migrating a framework of mine to Laravel and still in the early stages. I know that Laravel has it’s own database construction mechanism that is recommended to use the migrations and the Models, however, for my purpose, I’d like to use my own database that I use in other systems that I’ve built in the past. The idea for this system is to have a shared database, but operable through different tech stacks.
This is my current scenario:
Laravel 8
Sanctum 2.14
Frontend (Laravel):
I’ve built a very simple login page that has a controller and sends data (user and password) to my backend (Laravel). In the backend (different server), I grab the data and check if the data is correct. Being correct, I send a json response with some data, like:
returnStatus = true
loginVerification = true
IDCrypt = asdfasd4fa654sd54a (encrypted ID to grab in the frontend again)
Up till here, it’s working fine, as I wanted and very similar to my legacy systems.
My idea would be to get this response in the frontend, via auth token managed by Sanctum and use a middleware to check the token in order to let the user access some web routes.
I’ve watched some videos, but I’m only finding videos that use all the database mechanism that Laravel provides.
However, my intention would be to generate the token with data from my own table and data objects I created (without any existing Laravel´s models).
Is there a way for me to do this?
How would I set the token in the backend and include in my response?
How would I grab the token in the frontend in a secure way?
Lets say you have a model LegacyUser and this is your existing authenticable entity.
In this model simply override methods defined in the Laravel\Sanctum\HasApiTokens trait. Specifically createToken and the tokens relation for your use case by the sounds.
Then you can create tokens anywhere like usual with
$user = LegacyUser::find( $id );
$token = $user->createToken('token-name');
Then us the token as usual.
NOTE: if you're also changing how the tokens are stored/retrieved you'll need to set the token model, docs cover that here: https://laravel.com/docs/8.x/sanctum#overriding-default-models
If you want to avoid using authenticable entites (ie, no laravel models) entirely that's going to be more complicated and Passport might be a better shout, as client_credentials dont need to be associated to a user entity.
Alternatively: Write your own middleware that is compatbile with your existing auth process.
I want to create a new Laravel 5.8 based application using the database of an old PHP based application.
The problem is: My previous project uses five tables to store user-related information and all of those tables are used during login (to set session data).
Those tables are user_account, user_role, user_partner_portal, user_access_control, and user_control_access_right.
The relationship between those tables are in the below images:
By default, laravel uses users table to handle authentication and I don't know how to customize Laravel login system so that I can use all of those five tables during login to authenticate a user and also store the user-related information into the session.
I am primarily using CodeIgniter for all of my projects and it is very easy to do that authentication using CodeIgniter. But I am new in Laravel, so I can't figure it out.
So my question is: Is it possible using laravel to design such an authentication system? If yes then how?
TIA
So laravel uses LoginController class for the login. Inside there you are going to find the function authenticate.
Laravel put's the predefined logic there but if you want to make it really custom like update all your tables etc etc you are free to do it.
You can even create your own class and change the login route to point to your own controller. Basically you can do anything you like.
Hey guys i am new to laravel and i am trying to make a login system for lecturerand admin where the admin can register and edit the users details. I am aware that Laravel has an in-built auth system but it does not have the the function to edit the user details. There are two options that i thought that might work
Use the existing auth system for register/login while adding a new controller and view to edit the users details.
create a new register/login system from scratch with a new migration table and implement the edit functions. But my concern is if i create from scratch how to i use the Auth() class to handle the access control?
Anyone able to clarify for me which option works??
i suggest you to use laravel Auth Class and then use some ACL package like laravel-permission
https://github.com/spatie/laravel-permission
to handle you user as admin,guest and so more
you can create multi level users with different permissions and roles
Definitely option one
It's always good to use Laravels built-in user scaffolding
Most of the authentication and authorization for your application will already be handled
Why reinvent the wheel? Option 1 it is.
I am working on one laravel project. I am new to laravel.
I have few roles(editor,user,admin) in the system. We don't need multi auth system.
I don't need multi auth for different roles and create prefix based routes accordingly.
e.g
www.sitename.com/admin/editprofile, www.sitename.com/editor/editprofile
Let's say if all above mentioned roles request for
www.sitename.com/editprofile
then I want to call individual controller based on role, so I can handle request properly and my code remain clean. I don't want to do all the things in single controller.
When user/role updates profile, different roles have different input fields so it's better to distribute request to individual controller.
Currently, I am using below package for roles and permission which is nice still.
https://github.com/spatie/laravel-permission
Environments:
Laravel Version: 5.3
DATABASE: Mysql
Server: Apache
Please help me on this.
You should be able to 'listen' on 1 controller method and then redirect to others based on the input. At least with 5.3:
https://laravel.com/docs/5.3/redirects#redirecting-controller-actions
My actual project needs to implement an ACL for the diferent roles in my users.
For now, I have like 4 roles defined by the client (Administrator, Head of Departament, Secretary and Teachers) but he wants to create more roles whenever he needs it.
Knowing this the clue is I want to know if is there any way to control the system access without checking the access in each method of my system. Laravel provides my the Authorization services but is not enough for the desing of my system, but I think is a deprecated way checking every method.
My idea is implement something before enrouting any request and check if the user has access depending on his roles, in this way I won't need to check it in every method as the actual solution that laravel Authorization services, laravel-acl of Kodeine or similars offers me.
If someone has an idea to set forth this Idea please answer this.
Also I want to know if this could affect the system security and how and how I can handle that.
Thanks in advance.
If you want to use role-base access control only, it's very easy to create own middleware where you check passed roles. Now in your routes you can protect routes depending on user roles, for example:
Route::group(['middleware' => 'authorize:admin,secretary'], function() {
// your route here
});
You have sample role middleware in Laravel documentation here.