I found the way to add an admin guard.
But there are no documentation to customize the following functionality:
Auth::guard('admin')->attempt()
Auth::guard('admin')->user()
Auth::guard('admin')->check()
middleware('auth:admin')
I need to check an additional field of admin table to check if the admin can be logged in.
In Auth::guard('admin')->attempt(), I want to use SQL like this:
Admin::where('login_id', $request->input('login_id'))
->where('password', md5($request->input('password')))
->where('additional_field', [additional condition]);
By Auth::guard('admin')->user(), I want to get the result of SQL like this:
Admin::where('id', Auth::guard('admin')->id())
->where('additional_field', [additional condition]);
And both Auth::guard('admin')->check() and middleware('auth:admin') also should consider the additional condition in the code above.
Is there a way to customize them?
And, are there any other functionalities of Laravel's auth which I have to customize to satisfy the requirement of the additional condition above?
I'm using Laravel 8.
IF your additional stuff are some input like login_id and password
maybe this should work.
$cradentials= $request->only('email','password','additional stuff');
if( Auth::guard('admin')->attempt($cradentials) ){
//stuff here
}
Related
I am getting to know the Laravel framework, and in the test application I am using the santigarcor/laratrust package to implement Roles and permissions.
For the project, I assumed that a user may have several profiles (One To Many) with assigned roles and permissions.
After logging in, the user is automatically assigned a default profile in the session, which he can change later.
For example:
User $user has a profiles: manager, editor and reader. Each profile has different roles/permissions.
The default profile is the editor. After logging in, I save to
Session::put('profile', $user->defaultProfile).
If I want to check the roles, e.g. in the controller, I can do:
$profile = Session::get('profile');
$profile->isAbleTo('edit-user');
But if i want to use middleware or blade directives #role(), #permission(), #ability() how to do it? best practice way?
Is it possible to easily map these methods so that they check not the user (auth()->user()) but his selected profile? Or I should write custom middleware and blade directives?
Since there was no answer here, I read a few and decided to use the built-in Gate functionality. So I can use Gate methods for authorizing abilities (allows, denies, check, any, none, authorize, can, cannot) and the authorization Blade directives (#can, #cannot, #canany).
The gates are defined dynamically:
\App\Models\Permission::get()->map(function($permission) {
Gate::define($permission->name, function($user) use ($permission) {
if (session()->has('profile')) {
$profile = session()->get('profile');
return optional($profile)->hasPermission($permission->name);
}
return false;
});
});
So for now I think is solved, but I will test it more.
laravel: i want to know the solution.. If i logged in my account in my browser and i try to open other browser like incognito... and open other account.. and my problem i want to check or detect the other user is open.... like friend....is online.....
You have multiple answers to this question, you can use redis to live check all your currently logged in usersn but I can show you a simpler way :
Add a last_activity column in your use table,
then add a middleware in your app doing this :
if(auth()->check()){
auth()->user()->update(['last_activity' => now()]);
}
then assuming you have a friends() many to many relation in your user model
you can do this :
$online_friends = auth()->user()->friends()->where('last_activity' , '>', now()->subMinutes(5))->get();
i have codeigniter background. Now, i'm learning about laravel. So, i'm in this condition (Example), I'm trying to create a webapp, which has multiple users. The UsersType A , they can access menu a, menu b & menu c and UsersType B they only can access Menu a.
Now, i'm using https://github.com/lavary/laravel-menu . Well, if it's only have two types , i can write it manually. But, what if there are five types of user or more.
When i'm using codeigniter. I create 4 table Users , UsersType , Menu & MenuAccess. You must be understand how it's work. I just, play it with query then i show it.
UsersType (Users) -> TypeId (UsersType) -> MenuId (MenuAccess) -> MenuId (Menu)
I already use google and I found this https://github.com/Zizaco/entrust but what i can see from that package. It's only give the permission on the action (input,edit & delete)
So, Can i do my codeigniter way in my laravel ? Save my routes properties than show it in my rouotes/web.php (I don't know if it possible, haven't try it yet). sorry for my english.
What I would do is put a function in the User class which checks it's own permission and then returns a view which contains the menu that user has access to.
public function menu()
{
switch($this->role) {
case 'admin':
return view('menus.admin');
[etc]
}
}
Then in the view just check if the user is logged in and show the menu:
#if Auth::check()
{{ Auth::user->menu() }}
#endif
As mentioned in the comments,it sounds like what you want is the ability to conditionally display content based on whether a user has certain permissions.
There's a number of implementations of this. Essentially what they all do is store permissions that can be granted to users, and optionally store roles that allow permissions to be assigned to a role and then users can be given that role, automatically granting them the permissions associated with that role.
I've found spatie/laravel-permission which appears to be quite good. Then, if you pass your user model into the view, you can do something like this:
#if ($user->can('edit-posts'))
<a>Edit post</a>
#endif
That should be flexible enough that it can be reused for different permissions too. If that doesn't do the trick, then it's not hard to roll your own permission system using Laravel's authorization system and you should be able to use the can() method in the same way.
I'm trying to find all users w/ a specific permissions list in Sentry with laravel. The problem is that Sentry::findAllUsersWithAccess() returns an array().
as stated in their github repository i pinpointed their code to be
public function findAllWithAccess($permissions)
{
return array_filter($this->findAll(), function($user) use ($permissions)
{
return $user->hasAccess($permissions);
});
}
right now, it gets all users and filter it out with users with permission list. the big problem would be when I as a developer would get the set of users, it'll show ALL users, i'm developing an app which may hold thousands of users and i only need to get users with sepcific permission lists.
With regards to that would love to use one with a ->paginate() capability.
Any thoughts how to get it without getting all the users.
Why dont you override the findAllWithAccess() method and write your own implementation, which uses mysql where instead of array_filter().
I dont know your project structure and the underlying db schema, so all i can give you atm is the link to the eloquent documentation Querying Relations (whereHas).
In case you dont know where to start: its always a good idea to look at the ServiceProvider (SentryServiceProvider, where the UserProvider, which holds the findAllWidthAccess() method, is registered). Override the registerUserProvider method and return your own implementation of the UserProvider (with the edited findAllWithAccess() method).
Hope that will point you in the right direction.
In Laravel you can do pagination manually on arrays:
$paginator = Paginator::make($items, $totalItems, $perPage);
Check the docs: http://laravel.com/docs/pagination
I want to extend Ion Auth to only allow certain email addresses to register.
I'm fairly sure I could hack this together and get something working, but as a newbie to codeigniter and ion auth I wish to find out if there is a "proper way" to be doing what I need?
For instance can I "extend" ion auth (so I can update ion auth core files without writing over my changes?).
I noticed there are also hooks including this one (in the register function):
$this->ci->ion_auth_model->trigger_events('pre_account_creation');
Where do these resolve and can I use this one in order to intercept registrations from email addresses which don't match a list of those I wish to register?
If so, how would I do it? I would need access to the $email variable from the register() function.
Or is it just a case of altering the base code from ion auth and not updating it in the future?
Thanks for any help you can give me. Don't worry about the email bit, I'm capable of working out whether an email address matches the required email domains, I'm more interested in what is the best way to go about extending the library.
Tom
EDIT: Hi Ben, thanks for your answer, and thanks for taking the time to have a look at my issue. Unfortunately this hasn't helped.
I guess what you're trying to do there is add a little bit to the sql query a "where in" clause? I guess that the where in bit is incorrect as there isn't a column name.
Also, at this point I can't modify the sql query satisfactorily to produce the required output. e.g. I can add a hook to a function which is literally $this->db->where('1=1') and this outputs this sql in the next query:
SELECT COUNT(*) AS `numrows` FROM (`users`) WHERE `1=1` AND `email` = 'rawr#rawr.com'
The AND email = 'rawr#rawr.com' bit will always still return no rows. It should be OR email = 'rawr#rawr.com', but without editing the Ion Auth core code then I won't be able to change this.
I am starting to suspect (from the last couple of hours of tinkering) that I may have to edit the ion auth core in order to achieve this.
Check out this example: https://gist.github.com/2881995
In the end I just wrote a little form_verification callback function which I put in the auth controller of ion_auth which checked through a list of allowed domains. :)
When you validate your form in the auth controller you add a callback:
$this->form_validation->set_rules('email', 'Email Address', required|callback_validate_email');
You create a method in the controller called validate_email:
function validate_email() {
if (strpos($this->input->post('email'), '#mycompany.com') === false) {
$this->form_validation->set_message('validate_email', 'Not official company email address.');
return false;
} else return true;
}
This will cause the creation of the user to fail, since all rules must pass. You also provide an error message. Just make sure to have this line on the form view side:
echo validation_errors();