How do i check Authentification in the Controller Index Laravel 7 - laravel

everyone, I am fairly new to laravel I am currently working on a HR System project and I am creating a Leave managment where the user employee can ask for a leave of sort and the manager and admin can accept or deny it and it was going pretty well until at some point i dont know why but the user can still see what the admin should see he can still enter through the link even when the files are in the admin folder so i tried to do an if with Auth but it wasnt working and its giving me this error
"Trying to get property 'role_id' of non-object"
This is the code im using for the if in the index
LeaveController
public function index()
{
$leaves = Leave::latest()->get();
if(Auth::user()->role_id == 1){
return view('/home');
}
elseif(Auth::user()->role_id == 2){
return view('admin/leave/index', compact('leaves'));
}
else{
return view('admin/leave/index', compact('leaves'));
}
}
Employee has a role based id 1 and Manager has role id of 2 but the super admin doesnt have it he just exists like a default admin with all permissions thats why i just left it at else

If you have check if someone is an admin to continue the page you can make a middleware.
php artisan make:middleware CheckAdmin
Route::get('admin/profile', function () {
//
})->middleware('Admin');
and on the web.php file attach the middleware to the route.
Check the laravel docs for detailed information
https://laravel.com/docs/7.x/middleware

Related

Auth facade doesn't work without Sanctum api as middleware in Laravel 8

I'm creating an api through which anybody can view a page, however only admin can see all posts, while users are restricted to approved only. This is implemented via is_verified boolean variable where admin is given value of 1 and user the value of 0. I want to create a function like this
public function show(){
if(Auth::check()){
$showAllDetails = Events::all();
echo $showAllDetails;
}else {
$showUserDetails = Events:all()->where('is_verified',1);
echo $showUserDetails;
}
}
However Auth:check only works if I have sanctum api in my route
Route::middleware('auth:sanctum')->group(function () {
Route::get('view', [ViewController::class, 'show']);
});
If I run this code on Hoppscotch, it only shows if the admin is logged in (User don't require login). So a user can't see any post. If I remove the auth:sanctum middleware, only the else part of the code runs and no auth check or any stuff can run .
I need a way to incorporate both in a single function so that I can create a single route instead of creating two routes for different persons. Any way of doing such things?
public function show(){
if(Auth::check()){
$showAllDetails = Events::all();
echo $showAllDetails;
}else {
$showUserDetails = Events::where('is_verified',1)->get();
echo $showUserDetails;
}
}
I guess your else part is incorrect query, change your else part like above

Getting laravel to use a different route when logging in

I'm trying to do this thing where if the user logging is an admin then Laravel needs to send them to the admin route and if the user is a customer then it needs to send them to the customer route.
I'm not sure how to go about doing this.
Any help would be much appreciated.
users table add new column role different role admin user and customer
and login controller check role and return view with different route
$user= Auth::user()->role;
if ($user->admin){
return redirect()->route('')
}else if($user->user){
return redirect()->route('')
}else{
return redirect()->route('')
}

Laravel Auth::id() return null after login

I have a login form to access to my web page.
In my local computer everything works fine. But now I upload my project to my server and when I login the directive #auth() is null.
I put in my controller this: dd(Auth::id()); and in my local server returns a Id but in the production server returns null...
in web.php I have tis code:
Route::group(['middleware' => 'role:admin' OR 'role:user'], function () {
Route::get('/users/inicio', function(){
dd(Auth::id());
return view('frontend.dashboardUser');});
});
This return null
Can you help me?
Thank you
I think there might be some session problem, It might not be maintaining the session state.
My suggestion:
Try echo session_id() multiple times, If every time different id is generated then there will be some problem with the session on server otherwise not.
Have you registered a new user after you pushed your code to the production? I mean have you logged in using an existing user on production? I believe your production and local Database is different and the user who exists on local does not exist on production DB.
Register a new user and login as the new user and then try accessing the route to see if you get the auth id.
For a security reason, you can't access the login user or any other session into the web.php file as well as a constructor of the class.
To archive this you can use middleware something like this:
public function __construct() {
$this->middleware(function (Request $request, $next) {
if (!\Auth::check()) {
return redirect('/login');
}
$this->userId = \Auth::id(); // you can access user id here
return $next($request);
});
}
This link can help you more. Good luck!!!

How to implement maximum login attempts while not using default LoginController?

I want to prevent user login more than let's say 3 times. I know that there's a trait ThrottlesLogins. I also know that I can set everything in hasTooManyLoginAttempts. But what if my app works differently and I did not created auth via make:auth command (I don't have LoginController). How should I use this hasTooManyLoginAttempts method?
I've tried to add the following into my login method:
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
yah you can do it , keep a field login_attempt in your table .
and check the count if he fails upadate the field 1. and then check his
login attempt.
$attempt = User::where('id',$userid)->first();
if($attempt->login_attempt == 3){
//write your code for inactive user or block the user
}else{
//redirect to dashboard
}

Laravel - Redirect after login

Im a bit of a newbie when it comes to Laravel so i was hoping someone could help out.
Im using the standard authentication and login stuff that ships with Laravel so theres nothing fancy going on, but what i want to do is check in the DB to see if a few fields are completed ( name, address, postcode ) .... If they are, then the user gets redirected to the dashboard, but if they aren't, the user will get redirected to the profile page to fill out the rest of their information.
Im guessing i should put something in my routes.php file in the
Route::post('login', function
part, but how do i check for the fields?
Any help would be greatly appreciated.
Cheers,
Once you have authenticated the user using Auth::check you'll be able to grab the authenticated user with Auth::user.
if (Auth::attempt($credentials))
{
$user = Auth::user();
if ($user->email == '' || $user->address == '')
{
return Redirect::to('user/profile');
}
return Redirect::to('home');
}
You just need to check the fields you want on the user to make sure they are there. If they're not then redirect them to the profile page. If they are redirect them to the home page or somewhere else.
You can also do it this way
if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password')))) {
return Redirect::to('users/dashboard');
} else {
return Redirect::to('users/profile');
}
You can use this code
if (Auth::guest())
{
//user is not authenticated or logged in;
return Redirect::to('login');
}else{
//user is authenticated and logged in;
return Redirect::to('profile');
}

Resources