Getting laravel to use a different route when logging in - laravel

I'm trying to do this thing where if the user logging in is an admin then Laravel needs to send them to the admin route, and if the user is a customer then it needs to send them to the customer route.
I'm not sure how to go about doing this.
Any help would be much appreciated.

In the users table, add a new column role with the different roles: admin, user and customer.
Then in the login controller, check the role and return a redirect to a different route:
// role column of the logged-in user: 'admin', 'user' or 'customer'
$role = Auth::user()->role;
if ($role === 'admin') {
    return redirect()->route('');
} else if ($role === 'user') {
    return redirect()->route('');
} else {
    return redirect()->route('');
}

Related

admins unable to access the admin dashboard laravel 8

I am using policies to prevent users from accessing the admin panel. Only admins should be able to access the admin panel. I have created the policies and registered them in the AuthServiceProvider. The problem is that when an admin logs in they are still not able to view the admin panel and instead get the 403 page. Where have I gone wrong?
The route in web.php:
Route::group(['prefix'=>'admin','middleware'=>(['auth','can::acessAdmins'])],function(){
    Route::resource('dashboard',AdminDashboard_Controller::class);
});
The helper functions in the User model:
public function hasAnyRoles($roles){
    // true if the user holds at least one of the given role names
    return $this->roles()->whereIn('Role_name',$roles)->exists();
}
public function hasRole($role){
    // a single role name, so where() rather than whereIn()
    return $this->roles()->where('Role_name',$role)->exists();
}
Admin access policy:
public function accessAdmins(User $user){
    return $user->hasAnyRoles(['SuperAdmin','NormalAdmin']);
}
public function manageAdmins(User $user){
    return $user->hasAnyRoles(['SuperAdmin']);
}
You should change the route to this:
Route::group(['prefix'=>'admin','middleware'=>(['auth','can:accessAdmins'])],function(){
    Route::resource('dashboard',AdminDashboard_Controller::class);
});
The can::accessAdmins to can:accessAdmins, multiple typos.
Also see https://laravel.com/docs/8.x/middleware#middleware-parameters for more information on parameters.
And besides that you should make sure that the authorized user has the right roles.
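Why the doubled colon ends in a 403 even for a SuperAdmin, as an added example that is not part of the original answer: a simplified plain-PHP model (not Laravel's source) of how a name:parameters middleware string is split at the first colon and how an ability nobody registered is denied. The role lists and the statusFor helper are constructed for the illustration.

```php
<?php
// Added illustration: simplified model of "name:parameters" middleware parsing
// and of a gate that denies any ability that was never registered.

/** Split "name:param1,param2" at the first colon only. */
function parseMiddleware(string $spec): array
{
    [$name, $params] = array_pad(explode(':', $spec, 2), 2, '');
    return [$name, $params === '' ? [] : explode(',', $params)];
}

/** Abilities registered by the application (constructed sample data). */
$abilities = [
    'accessAdmins' => fn (array $roles): bool =>
        (bool) array_intersect($roles, ['SuperAdmin', 'NormalAdmin']),
    'manageAdmins' => fn (array $roles): bool => in_array('SuperAdmin', $roles, true),
];

/** HTTP status the route would answer with for a user holding $userRoles. */
function statusFor(string $spec, array $userRoles, array $abilities): int
{
    [$name, $params] = parseMiddleware($spec);
    if ($name !== 'can') {
        return 200; // other middleware is outside this sketch
    }
    $ability = $params[0] ?? '';
    // An ability nobody registered is denied, whatever roles the user holds.
    $allowed = isset($abilities[$ability]) && $abilities[$ability]($userRoles);
    return $allowed ? 200 : 403;
}

$superAdmin = ['SuperAdmin']; // constructed user
foreach (['can::acessAdmins', 'can:acessAdmins', 'can:accessAdmins'] as $spec) {
    [, $params] = parseMiddleware($spec);
    printf("%-18s ability=%-16s status=%d\n", $spec,
        var_export($params[0] ?? '', true), statusFor($spec, $superAdmin, $abilities));
}
// A correctly spelled ability still denies a user without an admin role.
printf("%-18s roles=Customer          status=%d\n", 'can:accessAdmins',
    statusFor('can:accessAdmins', ['Customer'], $abilities));
```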

How do i check Authentification in the Controller Index Laravel 7

Everyone, I am fairly new to Laravel. I am currently working on an HR system project and I am creating a leave management feature where the employee can ask for a leave of some sort and the manager and admin can accept or deny it. It was going pretty well until at some point, I don't know why, the user can still see what the admin should see: he can still enter through the link even though the files are in the admin folder. So I tried to do an if with Auth, but it wasn't working and it's giving me this error:
"Trying to get property 'role_id' of non-object"
This is the code im using for the if in the index
LeaveController
public function index()
{
    $leaves = Leave::latest()->get();
    if(Auth::user()->role_id == 1){
        return view('/home');
    }
    elseif(Auth::user()->role_id == 2){
        return view('admin/leave/index', compact('leaves'));
    }
    else{
        return view('admin/leave/index', compact('leaves'));
    }
}
Employee has a role-based id of 1 and Manager has a role id of 2, but the super admin doesn't have one; he just exists like a default admin with all permissions, which is why I just left it at else.
If you have to check whether someone is an admin before continuing to the page, you can make a middleware.
php artisan make:middleware CheckAdmin
Route::get('admin/profile', function () {
    //
})->middleware('Admin');
and on the web.php file attach the middleware to the route.
Check the laravel docs for detailed information
https://laravel.com/docs/7.x/middleware
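One way to fill in the CheckAdmin middleware the answer above generates, as an added example that is not the answerer's code. It assumes Laravel 7, a named 'login' route, and the role ids from the question (1 = employee, 2 = manager, super admin without a role id).

```php
<?php
// app/Http/Middleware/CheckAdmin.php (added example, see assumptions above)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class CheckAdmin
{
    public function handle($request, Closure $next)
    {
        $user = Auth::user();

        // Guest: Auth::user() returns null. Reading ->role_id on that null is
        // the usual cause of "Trying to get property 'role_id' of non-object".
        if ($user === null) {
            return redirect()->route('login'); // assumed route name
        }

        // Employees (role_id 1) must not reach manager/admin pages, even when
        // they type the admin URL directly.
        if ((int) $user->role_id === 1) {
            abort(403);
        }

        // Managers (role_id 2) and the super admin (no role id) continue.
        return $next($request);
    }
}

// app/Http/Kernel.php: register the alias used by ->middleware('Admin')
//     protected $routeMiddleware = [
//         // ...
//         'Admin' => \App\Http\Middleware\CheckAdmin::class,
//     ];
```

With the check in middleware, the controller's index method no longer needs its own role_id branches for the admin pages.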

Laravel multiple authentication from two different route and view

I want to implement a system where 6 types of users exist. One is 'customer', who will log in by a route like /login, and the remaining 5 users are admins, and only they will log in using another route, /system/base-admin. However, a 'customer' must never log in with the /system/base-admin route, even if they somehow come to know this route. Both routes have different login forms, and if they fail to log in, a 'customer' will be redirected to /login and admins to /system/base-admin.
I know about $guard and middleware checks.
Question: How can I implement the above scenario, and how do professionals deal with this scenario?
Route::get('/login','CustomerLoginController@processLogin')->name('customer.login');
Route::get('/system/base-admin', 'AdminLoginController@processAdminLogin')->name('system.admin');
My controller looks like:
public function processLogin(){ return view('customer.login'); }
public function processAdminLogin(){ return view('admin.login'); }
Thank you in advance.
The only reason I see to have different endpoints for login is to have different views.
Copy your Auth\LoginController, change $redirectTo to redirect to your admin panel. Overwrite AuthenticatesUsers\showLoginForm to show your admin form and update middleware in __construct.
Protect all your admin routes with admin middleware.
Now. Your users CAN login to your panel. BUT nothing will happen since they don't have access.
If you want to show them some kind of message when they try, you can overwrite the AuthenticatesUsers\login method with something like this:
...
if ($this->attemptLogin($request)) {
    if(!auth()->user()->isAdmin()){
        throw ValidationException::withMessages([
            $this->username() => 'You don\'t have access to this page',
        ]);
    }
    return $this->sendLoginResponse($request);
}
...

How to Hide Required Parameters Laravel Route

So I have a booking system. Basically it has this route
localhost:8080/itpr/booking/details/{$bookingId}
Where $bookingId = is the id in the booking_table.
My question: is there a way to hide the $bookingId in my routes from the user? I don't want other users to be able to access other booking transactions just by changing the $bookingId in the URL.
The easiest way to achieve this is by submitting your post request via AJAX. But if you are not comfortable using AJAX requests, you can create a policy that allows only the owner of the booking to make changes; see the code below.
php artisan make:policy BookingPolicy --model=Booking
Register the policy in your AuthServiceProvider:
use App\Policies\BookingPolicy;
protected $policies = [
    Booking::class => BookingPolicy::class,
];
Now inside your BookingPolicy, define a policy for any method that you want to restrict users from. For example, let's make sure only the authenticated user (owner) can update his booking. In this scenario we are assuming that you have a user_id column in your Booking table and you have a relationship between these 2 tables.
// User is not nullable here, so the gate denies guests before this method
// runs and a null user can never be compared with a null user_id
public function update(User $user, Booking $booking)
{
    return $user->id === $booking->user_id;
}
Now in your BookingController you can implement the authorizing actions (can or cant):
public function update(Request $request, $id) {
    // load the booking the request refers to; the route is assumed to sit behind the auth middleware
    $booking = Booking::findOrFail($id);
    if ($request->user()->can('update', $booking)) {
        // Executes the "update" method on the relevant policy...
    }
}
Hopefully this will help :)
Have you considered using $table->uuid('id'); for the PK? So that the users are not going to guess other bookings easily.
Add a check in your route if the booking ID is one that belongs to the user trying to access the ID. If not, redirect.
Otherwise, provide a dashboard like route showing the user bookings. then make an asynchronous call on the click using your userID/bookingID send that data to a template with a route that is something like your booking/details
Please check Laravel policies and define rules to check whether the booking id is associated with the current user or not, which can help you secure the booking details from unauthorized users.
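The ownership check the answers above describe, applied to the booking/details route from the question, as an added example that is not code from any of the answers. It assumes the user_id column mentioned above and a route behind the auth middleware; the method name and the 'booking.details' view name are hypothetical. The id can stay visible in the URL, integer or UUID, because the decision is made on the server.

```php
<?php
// app/Http/Controllers/BookingController.php (added example, see assumptions above)

namespace App\Http\Controllers;

use App\Booking; // App\Models\Booking in applications that keep models there
use Illuminate\Http\Request;

class BookingController extends Controller
{
    // GET booking/details/{bookingId}
    public function details(Request $request, $bookingId)
    {
        // Scope the lookup to the logged-in user. A booking that belongs to
        // someone else is indistinguishable from one that does not exist:
        // both end in a 404, so changing the id in the URL reveals nothing.
        $booking = Booking::where('user_id', $request->user()->id)
            ->findOrFail($bookingId);

        return view('booking.details', ['booking' => $booking]);
    }
}
```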

Same route in multiple role and route group?

I have a route which I want to authorize for more than one role. I have created 2 route groups, one for admin and the other for employee, and there is a route abc.com/abc which I want to be accessible to both roles. Admin routes are:
Route::group(['middleware'=>['auth','role:admin|hr-manager|manager']],function(){
    Route::get('employee',['as'=>'employee','uses'=>'EmployeeController@employeeList']);
    Route::get('leave-type',['as'=>'leave.type','uses'=>'LeaveController@getLeaveType']);
});
Employee routes are:
Route::group(['middleware' => ['auth','role:employee']], function(){
    Route::get('leave-type',['as'=>'leave.type','uses'=>'LeaveController@getLeaveType']);
});
Now when I log in as admin I can't access the leave-type route, because the admin user doesn't have the employee role. When I assign the admin user to the employee role it becomes accessible, but an admin user cannot be an employee, so how can I make this route accessible to both roles?
I am using Laravel 5.4 and zizaco/entrust for the ACL system, so please let me know what type of problem this is and how I can get to a solution.
Thanks in advance.
If you need more routes that are available to a base group and then a specific subset for others, I'd suggest reorganizing the routes file to something as follows:
Route::middleware(['auth'])->group(function () {
    //Routes available to all users
    Route::get('leave-type',['as'=>'leave.type', 'uses'=>'LeaveController@getLeaveType']);
    //Routes available to employees
    Route::middleware(['role:employee'])->group(function () {
    });
    //Routes available to Admin, HR Manager and Manager
    Route::middleware(['role:admin|hr-manager|manager'])->group(function () {
        Route::get('employee', ['as'=>'employee', 'uses'=>'EmployeeController@employeeList']);
    });
});
