Laravel Fortify modify RegisterViewResponse - laravel

I am trying to modify the behavior of Fortify Register route.
I am sending out custom register URLs; if the URL doesn't match my logic, I need to redirect to a custom page, so you cannot even enter /register.
But I am only getting a 302 redirect loop for /register.
To do so I created a RegisterViewResponse to override default behavior:
use Laravel\Fortify\Contracts\RegisterViewResponse as RegisterViewResponseContract;
class RegisterViewResponse implements RegisterViewResponseContract
{
    public function toResponse($request)
    {
        $canEnter = true;
        if($canEnter){
            return redirect()->intended('/register');
        } else {
            return redirect()->intended("/otherPage");
        }
    }
}
I also added this to FortifyServiceProvider:
$this->app->singleton(RegisterViewResponse::class, Responses\RegisterViewResponse::class);
Thanks for any help or advice!
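
An added example, not part of the original question: a view response that renders the form instead of redirecting back to /register, and applies the link check before doing so. It assumes the custom register URLs are Laravel signed URLs; the `App\Http\Responses` namespace, the `auth.register` view name and the `invite` query parameter are hypothetical.

```php
<?php
// app/Http/Responses/RegisterViewResponse.php (location is an assumption)

namespace App\Http\Responses;

use Laravel\Fortify\Contracts\RegisterViewResponse as RegisterViewResponseContract;

class RegisterViewResponse implements RegisterViewResponseContract
{
    public function toResponse($request)
    {
        // Assumption: invitation links are generated as signed URLs, e.g.
        //   URL::temporarySignedRoute('register', now()->addDays(7), ['invite' => $id]);
        // hasValidSignature() fails for tampered or expired links.
        if (! $request->hasValidSignature()) {
            // Plain redirect(): intended() would prefer a URL stored in the
            // session over the fixed page given here.
            return redirect('/otherPage');
        }

        // This object is the response to GET /register, so it has to render
        // the form. Redirecting to /register from here re-enters this method
        // on the next request, which produces the 302 loop.
        return view('auth.register', ['invite' => $request->query('invite')]);
    }
}

// In FortifyServiceProvider, bind the contract (not the concrete class) so
// that Fortify resolves this implementation:
//
//   $this->app->singleton(
//       \Laravel\Fortify\Contracts\RegisterViewResponse::class,
//       \App\Http\Responses\RegisterViewResponse::class
//   );
//
// This only guards the form. POST /register is a separate route, so the
// invitation has to be checked again where the user is created
// (App\Actions\Fortify\CreateNewUser in a default install).
```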

Related

Laravel redirect if authorization failed using gates

In my application I am using gates to validate the authorization of the logged in user. I want the user to be redirected to dashboard, with a custom message, instead of showing the traditional 403 | This action is unauthorized. page.
Here is my code:
class SomeController extends Controller
{
    public function index()
    {
        # access
        if(!$this->authorize('some-role'))
        {
            session()->put('message', 'message');
            return redirect()->route(...);
        }
        ...
    }
}
Is this possible..?
Easy way inside controller check here:
if (Gate::denies('update-post', $post)) {
    // The current user can't update the post...
}
Proper way.
In app\Exceptions\Handler.php there is a render method where you can set your custom exception NotAuthorizedException (Laravel < 5.5):
if($exception instanceof NotAuthorizedException){
    return redirect($exception->route());
}
If Laravel > 5.6, you can add the code below and redirect inside the render method of app\Exceptions\Handler.php:
if ($exception instanceof AuthorizationException)

October CMS - Extending the function of a plugin?

I've created a plugin to extend the User plugin and I now want to extend the update function of its controller.
Actually what I'd like to do is to check some data when an admin clicks on the Update button then, according to the data, let the admin edit the user form as usual or redirect him to the user list.
I'm trying to do this through a route in my plugin:
Route::get('backend/rainlab/user/users/update/{id}', '\RainLab\User\Controllers\Users#check_update');
in my Plugin.php file
public function boot()
{
    \RainLab\User\Controllers\Users::extend( function($controller) {
        $controller->addDynamicMethod('check_update', function($recordId = null, $context = null) use ($controller) {
            return $controller->asExtension('FormController')->update($recordId, $context);
        });
    });
}
But I get a blank page. The user form is not displayed.
Can someone help me?
This won't work, as it will break the life-cycle of the back-end and directly call the method of the controller.
As another solution, we can use events :) - backend.page.beforeDisplay
In your plugin's Plugin.php file's boot method:
public function boot() {
    \Event::listen('backend.page.beforeDisplay', function($controller, $action, $params) {
        if($controller instanceof \RainLab\User\Controllers\Users) {
            // for update action
            if($action === 'update') {
                // check data ($params) and make decision based on that
                // allow user to edit or NOT
                if(true) {
                    // just redirect him to somewhere else
                    \Flash::error('Please No.');
                    return \Redirect::to('/backend/rainlab/user/users');
                }
                // if all good don't return anything and it will work as normal
            }
        }
    });
}
It will do the job: based on the condition, you can allow the user to edit or not (redirect him with a message to another action).
If any doubts, please comment.

Codeigniter showing error when I try to resubmit form with csrf_protection set to true

My CI website has csrf protection.
$config['csrf_protection'] = TRUE;
So, when I resubmit form by refresh I am getting the following error.
The action you have requested is not allowed
Instead of showing this message, I want it to return to last page.
So, I try to override csrf_show_error() method by extending the CI_Security file.
This is my class located in application/core/My_Security.php
class MY_Security extends CI_Security {
    public function __construct()
    {
        parent::__construct();
        $this->load->library('user_agent');
    }
    public function csrf_show_error()
    {
        // show_error('The action you have requested is not allowed.'); // default code
        // force page "refresh" - redirect back to itself
        // a page refresh restores the CSRF cookie
        if ($this->agent->is_referral())
        {
            redirect(site_url());
        } else {
            redirect($_SERVER['HTTP_REFERER']);
        }
    }
}
I am getting the following error
Call to a member function library() on a non-object
Instead of changing the core classes, I extended the MY_Security class in the core folder of the application, and redirecting to the past page.
File Location: application\core\MY_Security.php
class MY_Security extends CI_Security {
    public function __construct()
    {
        parent::__construct();
    }
    public function csrf_show_error()
    {
        header('Location: ' . htmlspecialchars($_SERVER['REQUEST_URI']), TRUE, 200);
    }
}
Thanks for your solution, but it seems better with a return code 302 by changing the request type of the new request to GET, regardless of the type employed in the original request (e.g. POST). The next refresh will not ask any question.
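
An added example, not code from the thread: a `csrf_show_error()` override for CodeIgniter 3 that follows the Referer only when it points back at the same site, sends the 302 suggested above, and ends the request. It assumes `base_url` is set in the application config; `is_same_origin()` is a hypothetical helper name.

```php
<?php
// application/core/MY_Security.php
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Security extends CI_Security
{
    public function csrf_show_error()
    {
        // CI_Security is created before any controller exists, so there is
        // no $this->load here; use plain PHP and the global helper functions.
        $base    = (string) config_item('base_url');
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

        // The Referer header is client-controlled: follow it only when it
        // points back at this site, otherwise use the configured base URL.
        $target = $this->is_same_origin($referer, $base) ? $referer : $base;
        if ($target === '') {
            $target = '/';
        }

        log_message('error', 'CSRF token mismatch, redirecting to ' . $target);

        // 302 makes the browser fetch the page again with GET, which gives
        // the form a fresh token.
        header('Location: ' . $target, TRUE, 302);

        // Stop here. If this method returns, csrf_verify() carries on and the
        // rejected POST is processed as if the token had been valid.
        exit;
    }

    // TRUE only when $url has the same scheme, host and port as $base.
    protected function is_same_origin($url, $base)
    {
        $u = parse_url($url);
        $b = parse_url($base);
        if ( ! is_array($u) OR ! is_array($b) OR empty($u['host']) OR empty($b['host'])) {
            return FALSE;
        }
        foreach (array('scheme', 'host', 'port') as $part) {
            $left  = isset($u[$part]) ? strtolower((string) $u[$part]) : '';
            $right = isset($b[$part]) ? strtolower((string) $b[$part]) : '';
            if ($left !== $right) {
                return FALSE;
            }
        }
        return TRUE;
    }
}
```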

Laravel Custom User Roles & Permissions based on routes

I've created a custom roles manager for Laravel (4.2) based on the named routes e.g.:
users.index, customers.create, vendors.update, orders.store, users.edit, customers.update, etc.
Basically anything registered as a Route::resource(...); within the routes.php file (with a few custom named routes)
I'm checking the permissions with this method:
namespace Acme\Users;
...
class User extends \Eloquent implements UserInterface, RemindableInterface {
    ...
    public function hasPermissions($route)
    {
        $actions = ['users.index', 'users.create', 'users.edit', 'users.delete']; // fake data
        if ( ! in_array($route, $actions))
        {
            return false;
        }
        return true;
    }
}
Then, within the app/filters.php, I'm checking the current route against the User.
Route::filter('auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('login');
        }
    }
    // check if the current authenticated User has permissions to access this route
    if ( ! Auth::user()->hasPermissions(Route::current()->getName()))
    {
        return Redirect::route('dashboard.index');
    }
});
Everything is working with any route using the GET method, but when it comes to PUT, PATCH, POST, DELETE the Route::current()->getName() doesn't return anything.
Is there a better approach? I want everything to happen automatically, and I have a solution to this issue, but it's very involved. Is there a way to get the route name during a PUT, PATCH, POST or DELETE request?
Thank you.
Try to put your verification code inside an after filter.
App::after(function($request, $response)
{
    if ( ! Auth::user()->hasPermissions(Route::current()->getName()))
    {
        return Redirect::route('dashboard.index');
    }
});
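
An added example, not from the original thread: the same permission check written as a Laravel 4.2 route before filter that reads the name from the `$route` argument and denies unnamed routes. The filter name `permission` and `UsersController` are hypothetical; `hasPermissions()` is the method from the question.

```php
<?php
// app/filters.php

Route::filter('permission', function ($route, $request)
{
    if (Auth::guest()) {
        return Request::ajax()
            ? Response::make('Unauthorized', 401)
            : Redirect::guest('login');
    }

    // The matched route is passed to the filter, so the lookup does not
    // depend on the HTTP verb of the request.
    $name = $route->getName();

    // Deny by default: a route without a name cannot be matched against the
    // permission list, so it is treated as not permitted.
    if ($name === null || ! Auth::user()->hasPermissions($name)) {
        Log::warning('Permission denied', array(
            'user'   => Auth::user()->getAuthIdentifier(),
            'route'  => $name,
            'method' => $request->getMethod(),
        ));

        return Request::ajax()
            ? Response::make('Forbidden', 403)
            : Redirect::route('dashboard.index');
    }

    // Returning nothing lets the request continue to the controller.
});

// app/routes.php
// A before filter runs ahead of the controller action, so returning a
// response above stops a POST, PUT, PATCH or DELETE before it changes data.
Route::group(array('before' => 'permission'), function ()
{
    Route::resource('users', 'UsersController');
});
```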

How to trigger a method in all pages request in Yii?

In the header section of my website I want to show new messages. I have a method that fetches new methods and returns them. The problem is that the header section is in the layout section and I don't want to repeat one method in all of my controllers.
How to achieve this by not copying the method to all of my controllers? I want to trigger newMessages() method on every page request to gather new messages for logged in user. How to do this the right way?
In your controller, overwrite the Controller class function beforeAction()
protected function beforeAction($event)
{
    $someResult = doSomething();
    if ($someResult == $someValue)
    {
        return true;
    }
    else
    {
        return true;
    }
}
The return value can be used to stop the request dead in its tracks. So if it returns false, the controller action is not called, and vice versa.
References : http://www.yiiframework.com/doc/api/1.1/CController#beforeAction-detail
You can import a controller in another controller action, something like below:
class AnotherController extends Controller
{
    public function actionIndex()
    {
        Yii::import('application.controllers.admin.YourController'); // YourController is another controller in admin controller folder
        echo YourController::test(); // test is action in YourController
    }
}
