Creating admins table separate in Laravel 8 - laravel

I am creating a Laravel project for the users. Laravel has its own laravel/ui package, but I am creating its admin panel too, and I am a bit confused about what I should do for admins. Also, I am confused about the security for the admin panel. So there are 2 solutions in my mind:
1. Add a new column in the users table named status, and if its value is admin, he can access the admin panel; otherwise, redirect to the homepage.
2. Create a separate admins table and improve laravel/ui auth. For that, I found documentation here.
What should I do? I have even added a table prefix for tables in .env & config/database.php. I am afraid that the hackers/users should not access the admin panel. And also, tell me if the table prefix is good for security, or should I remove the table prefix?

You need the permission-roles system.
https://spatie.be/docs/laravel-permission/v4/introduction
This is a good decision for you. With well-configured routes, no one will have access to the admin panel without access to the database.
For example, a panel page that only an admin has access to:
// The 'role' alias is spatie/laravel-permission's RoleMiddleware; register it in app/Http/Kernel.php.
Route::name('adminspace.')->middleware(['role:admin'])->group(function () {
    Route::view('/panel', 'pages.panel');
});
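A feature test that checks the route group above really rejects guests and users without the role. This is an added example, not part of the answer; it assumes the `/panel` route and `pages.panel` view from the snippet, the `HasRoles` trait on `App\Models\User`, and the `role` middleware alias being registered. The file path and class name are hypothetical.

```php
<?php
// tests/Feature/AdminPanelAccessTest.php (hypothetical path, added example)

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Spatie\Permission\Models\Role;
use Tests\TestCase;

class AdminPanelAccessTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp(): void
    {
        parent::setUp();
        // The role row must exist before it can be assigned or checked.
        Role::create(['name' => 'admin']);
    }

    public function test_guest_is_rejected(): void
    {
        // Only role:admin guards the route, so a guest gets the package's
        // 403 response rather than a redirect to the login page.
        $this->get('/panel')->assertForbidden();
    }

    public function test_user_without_the_role_is_rejected(): void
    {
        $user = User::factory()->create();

        $this->actingAs($user)->get('/panel')->assertForbidden();
    }

    public function test_admin_is_admitted(): void
    {
        $admin = User::factory()->create();
        $admin->assignRole('admin');

        $this->actingAs($admin)->get('/panel')->assertOk();
    }
}
```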

Related

Storing User Roles in Session Laravel

Hello there. I am working on a project in Laravel in which I need to assign permissions to each user so that I can verify in each Blade file or controller function whether the current user has the permission to perform an action. Moreover, the side nav links are also generated dynamically using these permissions.
I created two tables:
1: User => [ID, Name .....]
2: Permissions => [ID, Name, user_id(fk)]
To solve this problem, I have stored all the permissions of users in the session at the time of login, so that I can verify all permissions on each page and generate links by fetching them from the session.
Is that a good approach, or is there any better solution for this?
It would be good if you had shared more code, but I can see what you want to achieve. Firstly, you don't need to store it in the session because you already have a relation between the User object and Permission. Add these lines of code to your User model:
public function permissions() {
    // A user has many permissions (permissions.user_id references users.id).
    return $this->hasMany(Permission::class);
}
Then you have access to the permissions in your Blade view or controller. A small example in the controller:
$user = User::find(1);
dd($user->permissions);
// you can write a condition to check if user has Permission etc.
Yes, you can store this in the session. But the better option will be to get the permissions through the relation object, like
User::find(1)->permissions()
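One way to use the relation from the answers above for every controller and Blade check, without copying permissions into the session, is to resolve abilities through Laravel's Gate. This is an added example, not code from either answer; it assumes `permissions()` on `User` is a `hasMany` to a `Permission` model whose name column is `name`, and the permission name `reports.view` is constructed.

```php
<?php
// app/Providers/AuthServiceProvider.php (added example)

namespace App\Providers;

use App\Models\User;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // Every ability check (authorize(), @can, Gate::allows) passes
        // through here first. The relation is read from the database on the
        // current request, so a revoked permission stops working on the
        // next request instead of living on in a session copy.
        Gate::before(function (User $user, string $ability) {
            // $user->permissions is loaded once and then reused for all
            // checks made against this user during the request.
            $granted = $user->permissions->pluck('name')->contains($ability);

            // true grants the ability; null falls through to any defined
            // gate or policy, and is denied if there is none.
            return $granted ? true : null;
        });
    }
}

// In a controller action (constructed permission name):
//     $this->authorize('reports.view');   // responds with 403 when not granted
//
// In the Blade side navigation:
//     @can('reports.view')
//         <a href="/reports">Reports</a>
//     @endcan
```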
Well, if you're asking for a "better solution" ... I'm not sure if it's too late for this information, since you're already developing the project. However, I would recommend this package for your long-term management (for both user and dev).
Spatie Laravel-permission package
It has a role-based permission and direct permission design (which is similar to your design). Once you have installed the package, the role and permission tables are created for you.
Once you have created the desired roles with permissions, it's easy to manage which page to allow for which role and which button should be shown.
You can check roles in your controller for those who can view this page.
In Blade, you can check both roles and permissions for which button to show or disable.
Hence, you don't need to worry about session settings or session expiry. It's better for maintenance and future development.
The Spatie package has a simple syntax and is easy to work with.
Installation:
composer require spatie/laravel-permission
Syntax:
Basic usage and syntax
There are plenty of tutorials and information out there.

How to show data as per users in Voyager Laravel

Voyager is one of the most efficient admin panels for Laravel. But here I am stuck in a typical situation. For example, I am using this admin panel for booking appointments. I want the admin to view all the records, but the user to view, edit and delete only the records which he has added. I can insert my own page there, but that will increase the work, as I have to create my own add, edit and delete functionality along with the view. I just want to know the place where the data is fetched from the database to display on the view page, so that I can manipulate it according to the logged-in user.
To achieve this:
You need to add a policy to your BREAD:
php artisan make:policy PostPolicy
Inside the policy you can specify who can edit what depending on your logic
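A policy for the appointment case in the question, modelled on the policies that ship with Voyager. This is an added example, not code from the answer; the `Appointment` model, its `user_id` column, the `admin` role name and the `mayTouch` helper are assumptions.

```php
<?php
// app/Policies/AppointmentPolicy.php (added example)
// Assumes appointments.user_id holds the id of the user who created the row.

namespace App\Policies;

use TCG\Voyager\Contracts\User;
use TCG\Voyager\Policies\BasePolicy;

class AppointmentPolicy extends BasePolicy
{
    // Viewing a single record.
    public function read(User $user, $model)
    {
        return $this->mayTouch($user, $model, 'read');
    }

    public function edit(User $user, $model)
    {
        return $this->mayTouch($user, $model, 'edit');
    }

    public function delete(User $user, $model)
    {
        return $this->mayTouch($user, $model, 'delete');
    }

    // Hypothetical helper: the role's BREAD permission is required first,
    // then admins pass and everyone else must own the record.
    private function mayTouch(User $user, $model, string $action): bool
    {
        if (! $this->checkPermission($user, $model, $action)) {
            return false;
        }
        if ($user->hasRole('admin')) {
            return true;
        }
        // Compare as integers: some database drivers return ids as strings.
        return (int) $model->user_id === (int) $user->id;
    }
}
```

The policy is consulted per record; the browse listing is a separate query and still needs its own owner filter.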

How can I set up Authentication in Laravel within THE SAME TABLE?

It's just for practice, and I need to know how to set up Auth in Laravel but in the same User table. I know I have to use the default model User.php. I added my new column "type", where I'm going to manage common users and admins. I edited and migrated that; also, according to the docs, I created my guards and registered providers, but I don't know what's next. I know how to do it with another table, but in the same table I have no idea how. I don't know how these Laravel files work.

how do I create vendor login page and access it through a special URL in magento

I am new to Magento. I want to add a multi-vendor website in Magento. How can I add multiple stores in Magento, and where can I create a login form for vendors? Also, how can I add a URL for vendor login, e.g. abc.com/vendor instead of abc.com/admin?
You can create stores by following this link.
As for the second question, you can create multiple users by going to System->Permission->Users and clicking Create User. You can restrict access to the menu for different users by creating different roles for them through System->Permission->Roles, and all of them can be accessed through the same link.

How to create a separate directory for admin controller in cakephp

I am new to CakePHP development. I have created a user controller to register, log in and update one's own profile in the user table. I can access the user controller at http://local-host/my_project/user/login.
I also have an admin table in the database so that an admin can log in and manage users in my project. I want to create a separate folder (e.g. admin) in the controller directory so that I can access the controller files using http://local-host/my_project/admin/controller/login & http://local-host/my_project/admin/controller/manage.
You should have a look at 'prefix routing' in the manual, it seems that this is what you're looking for:
http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing
With prefix routing, you'll be able to add, for example, an action admin_overview() to your User controller which is then accessible via the URL /admin/users/overview. The 'admin' prefixed action will not overlap with non-admin actions (e.g. 'overview()'), which will be accessible via the 'regular' URL; /users/overview/
Of course, you can create separate admin controller(s) for this purpose, but you may need to create custom routes. For more advanced options regarding routing, it's worth your time to read the whole chapter (or, even better, read the whole Cake cookbook); it's also available as an eBook for offline reading:
http://book.cakephp.org/2.0/en/index.html
Another solution is to develop the 'admin' part of your application as a plugin. This will keep your frontend and backend controllers/models/views separated. As a bonus, the backend can be re-used for other projects as well (depending on its design, of course).
http://book.cakephp.org/2.0/en/plugins.html#creating-your-own-plugins
