I created a registration form using make:auth in laravel and I made some changes to it like below:
I want to create three separate registration forms(each form has slightly different inputs) such as normal user, special user, super user for example. So that any user can select the registration category they want. I read about spatie in laravel but I am only looking to a way to be able for user to choose the registration form and it changes accordingly on the same page.
Is there a way to do this?
Related
I have just started using Laravel Nova and need to create some sort of custom action.
Within my Nova Dashboard I would like to have a button to create a new User.
I also need to generate a password and choose from a role for this user.
If User has role admin I will need to send user password per email.
What is the best way to have this action inside Nova?
Thanks!
I have a shop-store project. This project starts with basic functionality and grow up on each software life-cycle. Recently tendency to deploy some customization for user and analytics grow. I wanted to add favorite capability to project. The project has guest mode which unauthenticated user can see products.
Each user may choose to add a product to his/her favorites(after Auth). so far so good. I decide to append favorite attribute to products.
Trouble comes when i try to return products from controller as response. If i use Auth middleware unauthenticated users redirected to login. If i use custom code, every API with product should be changed accordingly. If i try to append filed in product model, i don't have access to Auth class nor requestin product model.
What's the way to handle such a situation? I appreciate your help.
UPDATE:
There are many models in my project. Order, OrderProduct, Product, User, Payment, Category, Delivery, ....
I want to have a new table named Bookmark which has two column: user_id and product_id.
Product == One Many == Bookmark
User == One Many == Bookmark
You can use the blade #auth directive to check for user authentication.
Then for templating
{{auth()-> user -> bookmark -> all()}}
This should work if you have established a one to may relationship between user and bookmark in your model.
I plan to develop a system that has three user types (admin, business, personal). I want to have each user types information stored in a separate table for easy access and to reduce the number of blank fields (if they were all in one table).
Having looked at multiple Multi-auth packages available for Laravel, they all appear to be insisting on an approach with URLs like the following:
/admin/login
/business/login
/personal/login
Ideally, I would like to take an approach where the standard Laravel Auth /login can be used meaning that all users log in from the same page.
My knowledge of Laravel is limited so all and any help is appreciated.
The usual approach is to have one users table which has the ID/email/username (as primary key), login credentials and user types for all the users which will be logging into the system. The information however can be stored in separate tables for each type, referencing the foreign key.
After authenticating the user, then you can decide what to do with the user based on the user type.
If you store login credentials in multiple tables, that's data redundancy. Unless you want the same email/username to have more than one user type, but then during login, the user has to decide which user type they want to log into (maybe by selecting a dropdown option).
Update: about user roles
If you need to simply redirect users after logging in, use $redirectTo. Or if you need to decide what to do with the users depending on the roles after logging, you can make use of authenticated() method (add this method if it's not already there, it will overwrite the AuthenticatesUsers trait) inside your AuthController/LoginController.
Throughout your application, I'd suggest assigning middleware to route groups to restrict routes based on user roles. And yes, in your views and controllers you can use something like if(Auth::user()->hasRole('business')) when needed, but first you'll need to create the hasRole() method in your User model. If you feel it's getting complicated, you may try packages like laravel-permission and Entrust. I haven't tried them though :)
I am using Devise in a project and have followed the steps to get started with Devise being used in my app.
I have also generated Devise views to support registration for my user model. How can I make the backend registration of the user to be integrated with the view?
I read this link
https://github.com/plataformatec/devise/wiki/How-To:-Change-Default-Sign_up---Registration-Path-with-Custom-Path
and it suggests devise/sessions#new for both sign in and registration.
Is that an example ? How can I add actions that would enable validation of the fields ? How can I add a successful registration to my database ?
Currently the Signup button redirects and loops me to the same page with login buttons.
What action should I edit in my user controller? Or should I override devise registration controller ?
Any inputs would be helpful.
Coming to adding a successful user registration to the database devise should be able to do that automatically if you have set it up correctly. Only thing is that you have to try various options in routes file to set up the flow that you want. To add validation to fields you can make use of the rails helper method 'validates'.
I have a site with a page that contains some tabs and when selecting one, its content is retrieved from the server using an AJAX call. Every tab is loaded through a different controller. For example, I have a Customer page which contains Products and Clients tabs.
The site has different types of users with different permission levels.
What I want to do is to protect the controllers, and show the content of the tabs only if the logged in user has permission. So if a user without permission enters the url of the controller, it should redirect to the login page. The url is like this:
http://localhost/MyApp/Products/1
where 1 is the database ID of the product.
I can implement these 2 solutions but none of them is optimal:
Use the ChildOnlyAction attribute. I would mark the actions of the Product controller with this attribute and render the tabs from the main view using RenderAction. But it would mean that all the tabs on the page would have to be rendered, which is not optimal because I only want to load the data when the user clicks on the tab.
On every request to the Product controller, I would make a database query using the ID of the record to check if the user has permission to access it. But this means that for every request I would have to run an extra query.
I'm wondering if there is a better approach to this.
Similar to what Romias has suggested. You can combine the Authorize meta-attribute with a custom IAuthorizationFilter filter.
When you implement the Authorize meta-attribute you specify a list of users or roles that should have permission to that action. This lacks the ability to use a database to specify which ID's a user should have access to.
It is this ID-to-User mapping where the IAuthorizationFilter comes in to play. In the filter you can check the current user against the database.
A sample IAuthorizationFilter and its usage can be found on the following page:
http://geekswithblogs.net/brians/archive/2010/07/08/implementing-a-custom-asp.net-mvc-authorization-filter.aspx
Have you tried using Authorize filter to decorate the controllers you want to protect?
[Authorize(Roles = "UserType1")]
You could also extend the Authorize filter to add your own logic.
Here you can see an example of extending Authorize filter: https://stackoverflow.com/a/428266/7720