I am using Laravel Spatie for User Permission for my api. The version is Laravel-5.8.
OrderController
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Order;
use App\User;
use App\Student;
use App\Guardian;

class OrderController extends Controller
{
    public function index(Request $request)
    {
        if (!Auth::user()->hasPermissionTo('View Order'))
            return response()->json(["message" => 'User do not have permission'], 401);

        // Eager-load the order_detail relation with every order
        return response()->json(Order::with('order_detail')->get(), 200);
    }

    public function store(Request $request)
    {
        if (!Auth::user()->hasPermissionTo('Add Order'))
            return response()->json(["message" => 'User do not have permission'], 401);

        $request->validate([
            'week_day' => 'required|integer',
            'start' => 'required',
            'end' => 'required',
            'amount' => 'required',
            'full_name' => 'required'
        ]);

        $orders = Order::create($request->all());
        return json_encode($orders);
    }

    public function show($id)
    {
        if (!Auth::user()->hasPermissionTo('View Order'))
            return response()->json(["message" => 'User do not have permission'], 401);

        return json_encode(Order::findOrFail($id));
    }
}
api.php
Route::group([
    'middleware' => 'auth:api'
], function () {
    Route::get('order/mobile', 'OrderController@mobile');
    Route::resource('order', 'OrderController', ['only' => ['index', 'show', 'store', 'update', 'destroy']]);
});
I want anyone that gets to the site to be able to create, store and send an order without the need to log in. However, permission is needed for index, update and delete. There should not be permission for that. How do I adjust my controller and api.php to achieve this expected result to create and store an order?
The auth middleware on your route group is preventing all unauthenticated users from accessing them. You can either remove the middleware or create two groups, where index, update, and delete are under the auth middleware and the second group is without auth for the other routes.
If you remove the middleware from the route group you can add it to specific methods in your controller like so
public function __construct()
{
    $this->middleware('auth')->only(['index', 'update', 'destroy']);
}
and of course you can also specify spatie middleware
public function __construct()
{
    $this->middleware('role:Contributor')->only(['index', 'update', 'destroy']);
}
However, you can also manually test within your controller methods for various user permissions
if ($user->hasRole('Contributor')){};
This way you can allow unauthenticated users to perform some actions but restrict some actions to auth users.
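One way to lay out the split this answer describes, as an added example that is not part of the original post: store becomes public and rate-limited, and everything that reads or changes existing orders stays behind auth:api. The throttle limits, the requirePermission helper and the 403 status are assumptions of this example.

```php
<?php
// Added example, not the asker's code. Assumed routes/api.php:
//   Route::post('order', 'OrderController@store')->middleware('throttle:10,1');
//   Route::group(['middleware' => 'auth:api'], function () {
//       Route::resource('order', 'OrderController', ['only' => ['index', 'show', 'update', 'destroy']]);
//   });

namespace App\Http\Controllers;

use App\Order;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class OrderController extends Controller
{
    // Public: Auth::user() is null here, so no permission check is possible.
    public function store(Request $request)
    {
        // validate() returns only the validated keys, so unexpected request
        // fields never reach Order::create() (unlike $request->all()).
        $data = $request->validate([
            'week_day'  => 'required|integer',
            'start'     => 'required',
            'end'       => 'required',
            'amount'    => 'required',
            'full_name' => 'required',
        ]);

        return response()->json(Order::create($data), 201);
    }

    // show, update and destroy follow the same pattern as index.
    public function index()
    {
        $this->requirePermission('View Order');
        return response()->json(Order::with('order_detail')->get(), 200);
    }

    // Hypothetical helper: auth:api already answers 401 for missing tokens,
    // so a logged-in user without the permission gets 403 instead.
    private function requirePermission(string $permission): void
    {
        if (! Auth::user()->hasPermissionTo($permission)) {
            abort(403, 'User does not have permission');
        }
    }
}
```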
Related
I'm trying to make a register page with role as a radio button (consumer, supplier, Admin)
but it shows me this error when I test the query in Postman
Error: Class "App\Http\Models\Role" not found in file
my controller:
public function register(Request $request)
{
    $request->validate([
        'first_name'=>'required|string',
        'last_name'=>'required|string',
        'email'=>'required|string|unique:users',
        'password'=>'required|string|min:6',
        'phone_number'=>'required|string|min:10',
        'role_name'=>'required|string'
    ]);

    // Create the user first so that $user exists before a role is attached
    $user=User::create([
        'first_name' => $request->first_name,
        'last_name' => $request->last_name,
        'email' => $request->email,
        'password' => Hash::make($request->password),
        'phone_number' => $request->phone_number,
    ]);

    $role_a = $request->role_name;
    if ($role_a == 'صاحب متجر'){
        $role=Role::select('role_id')->where('role_name','صاحب متجر')->first();
        $user->roles()->attach($role);
    }
    elseif ($role_a == 'مشتري'){
        $role=Role::select('role_id')->where('role_name','مشتري')->first();
        $user->roles()->attach($role);
    }

    return response()->json($user);
}
And my use statement:
use Illuminate\Http\Request;
use App\Http\Models\User;
use App\Http\Models\Role;
use Illuminate\Support\Facades\Hash;
And my route:
Route::post('/register','App\Http\Controllers\AuthController@register');
and this is what I have in tables:
Note: I didn't use custom packages like spatie for example
Thank you for trying to help!
You missed adding the Request class as an argument into your method. Your method should look like this:
public function register(Request $request)
{
    //after validation
    $data = $request->validated();
}
Don't forget to add use Illuminate\Http\Request; in your use statement.
I can't understand what is happening here. On my local server it's working fine, but when I put everything on my live server I'm having this error
My web Route
Auth::routes(['verify' => true]);

Route::get('/', function(){
    return view('auth.login');
})->name('auth.login')->middleware('auth');

Route::resource('/register', 'Auth\registerController@index')->name('register');

Route::group( ['middleware' => 'auth' ], function()
{
    Route::get('/home', 'HomeController@index')->name('home');

    Route::group(['namespace' => 'dashboard', 'prefix' => 'dashboard'], function() {
        Route::get('/', 'DashboardController@index');
    });
    SO ON...
});
My RegisterController
class RegisterController extends Controller
{
    use RegistersUsers;

    protected $redirectTo = '/home';

    public function __construct()
    {
        $this->middleware('guest');
    }

    public function index(Request $request)
    {
        $referral = '';
        $keyword = $request->get('search');
        $referral = Referral::where([
            ['code', $keyword],
            ['status', 0]
        ])->first();

        if (is_null($keyword))
            return view ( 'Auth.register');
        elseif ($referral)
            // compact() takes variable names, not values
            return view ( 'Auth.register', compact('referral'))
                ->withDetails ( $referral )
                ->withQuery ( $keyword );
        else
            return view ( 'Auth.register')->withMessage ( 'The code you provided is not existing or already been taken.' );
    }

    protected function create(array $data)
    {
        $user = User::create([
            'name' => $data['name'],
            'country_code' => $data['country_code'],
            'phone_number' => $data['phone_number'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
        ]);

        // RegistersUsers logs in the user returned from create()
        return $user;
    }
}
registerController Path
What do you think is causing this?
Thank you in advance!
This line of code in your web.php file is causing the issue:
Route::resource('/register', 'Auth\registerController@index')->name('register');
Your class name starts with R but you have written it using r. Moreover, it seems the route is a simple get route but you have written it as a resource. Change this too. So the route should be like
Route::get('register', 'Auth\RegisterController@index')->name('register');
How did you namespace your registerController?
Because later Laravel versions use a rather different namespace than previous versions. Hence change your namespace (and imported files) to this:
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
If you are using laravel 8:
use App\Http\Controllers\Auth\RegisterController;
Auth::routes(['register' => false]);
Route::get('/user_register', [RegisterController::class, 'showRegistrationForm'])->name('register');
However it throws this error when I clean cache:
Unable to prepare route [user_register] for serialization. Another route has already been assigned name [register].
The new route works, but the old route still works as well.
I simply want to add an action to a form and I am trying as follows:
{{ Form::open(['action'=> ['AuthController@login'], 'method'=>"POST",'class'=>'login-form']) }}
But I am getting the following error:
Action App\Http\Controllers\AuthController@login not defined. (View: D:\server\htdocs\PMS\resources\views\custom_auth\login.blade.php)
I configured Laravel Collective HTML. What's wrong in my code?
Update:
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Validator;
use Auth;

class AuthController extends Controller
{
    function show(){
        return view('custom_auth.login');
    }

    public function login(Request $request){
        print_r($request); exit;
        $this->validate($request,[
            'email' => 'required|email',
            'password' => 'required|alphaNum|min:3'
        ]);
        $user_data = array(
            'email' => $request->get('email'),
            'password' => $request->get('password')
        );
        if(Auth::attempt($user_data)){
            return redirect('/dashboard');
        }else{
            return back()->with('error','Wrong Credential');
        }
    }
}
You don't need to put your action inside an array when using Form helper so try:
{{ Form::open(['action'=> 'AuthController@login', 'method'=>"POST",'class'=>'login-form']) }}
And of course, make sure that a public login() method exists inside your AuthController
Also, do not forget to add this in your routes file, routes/web.php:
Route::post('login', 'AuthController@login');
I hope it helps
The first auth system works fine; its code is below. I needed to have two different users using two different tables. I am using Laravel 5.5.
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\User;
use Illuminate\Support\Facades\Auth;

class StudentController extends Controller
{
    public function Register(Request $request)
    {
        $firstname = $request['firstname'];
        $othername = $request['othername'];
        $email = $request['email'];
        $password = $request['password'];
        $user = new User();
        $user->firstname = $firstname;
        $user->othername = $othername;
        $user->email = $email;
        $user->password = $password;
        $user->save();
        Auth::login($user);
        return redirect()->route('studentDashboard');
    }

    public function Login(Request $request)
    {
        if(Auth::attempt(['email'=> $request['email'], 'password'=>
        $request['password']]))
        {
            return redirect()->route('studentDashboard');
        }
        return redirect()->back();
    }
}
I duplicated the above to create auth for a different user. The registration works but the login does not work: even if the login data is right, it returns the redirect back after the if statement.
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Employer;
use Illuminate\Support\Facades\Auth;

class EmployerController extends Controller
{
    public function createEmployerAccount(Request $request)
    {
        $companyName = $request['companyname'];
        $companyEmail = $request['email'];
        $companyPasword = $request['password'];
        $Employer = new Employer();
        $Employer->companyname = $companyName;
        $Employer->email = $companyEmail;
        $Employer->password = $companyPasword;
        $Employer->save();
        Auth::login($Employer);
        return redirect()->route('employersDashboard');
    }

    public function signInEmployer(Request $request)
    {
        if(Auth::attempt(['email'=>$request['email'],
        'password'=>$request['password']]))
        {
            return redirect()->route('employersDashboard');
        }
        return redirect()->back();
    }
}
When I try to change 'email' to 'emails', an error is shown: the select query is from the users table, not the employers table that I need to get data from. Also, when I change 'password' to 'passwords', an error "undefined index password" is shown.
This is the route file content:
Route::get('/',function(){
    return view('pages.index');
})->name('home');

Route::post('/signup',[
    'uses'=>'StudentController@Register',
    'as'=> 'signup'
]);

Route::post('/signin',[
    'uses'=>'StudentController@Login',
    'as'=>'signin'
]);

Route::get('/employers',[
    'uses'=>'PageController@employersPage',
    'as'=>'employers'
]);

Route::get('/studentDashboard',[
    'uses'=>'PageController@getStudentDashboard',
    'as'=> 'studentDashboard'
]);

Route::post('/createcompany',[
    'uses'=>'EmployerController@createEmployerAccount',
    'as'=>'createcompany'
]);

Route::post('/signInEmployer',[
    'uses'=>'EmployerController@signInEmployer',
    'as'=>'signInEmployer'
]);

Route::get('/employersDashboard',[
    'uses'=>'PageController@getEmployersDashboard',
    'as'=> 'employersDashboard',
    'middleware'=>'auth:employer'
]);

Route::post('/createPost',[
    'uses'=>'PostController@postCreatePost',
    'as'=> 'createPost'
]);
You need to tell Auth to use different Guard for authentication at time of Employer login. To define guards for Employer change like this in your config/auth.php.
Look for guards section in auth.php and add your new guard
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'employer' => [
        'driver' => 'session',
        'provider' => 'employers',
    ],
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],
Now in the same file there is a providers section. You need to add employers provider
'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\Models\User::class,
    ],
    //Employer provider
    'employers' => [
        'driver' => 'eloquent',
        'model' => App\Employer::class,
    ],
],
Create a custom Auth middleware
namespace App\Http\Middleware;

use Closure;
use Auth;

class AuthenticateEmployer
{
    public function handle($request, Closure $next)
    {
        //If request does not come from logged in employer
        //then he shall be redirected to employer Login page
        if (!Auth::guard('employer')->check()) {
            return redirect('/signInEmployer');
        }
        return $next($request);
    }
}
Register custom auth middleware in Kernel.php in routeMiddleware
'employerAuth' => \App\Http\Middleware\AuthenticateEmployer::class,
Now we have setup our custom guard and custom middleware employerAuth
EmployerController
class EmployerController extends Controller
{
    //either you have to define this or you can use `Auth::guard('employer')->attempt($credentials)` in login
    protected function guard()
    {
        return Auth::guard('employer');
    }

    public function signInEmployer(Request $request)
    {
        // Go through the employer guard; a bare Auth::attempt() would use
        // the default guard and query the users table
        if($this->guard()->attempt(['email'=>$request['email'],
        'password'=>$request['password']]))
        {
            return redirect()->route('employersDashboard');
        }
        return redirect()->back();
    }
}
For all the routes protected by Employer auth, you either need to add middleware employerAuth in routes or add employerAuth in each controller construct like this
public function __construct()
{
    $this->middleware('employerAuth');
}
Hope it may help you. For details you can check this https://laravel.com/docs/5.6/authentication#authenticating-users
Check this nice sample app for multi auth application https://github.com/yskoverride/Various2.0/tree/master/app
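A registration and login pair that goes through the employer guard configured above, as an added example rather than code from the thread. It assumes App\Employer extends Illuminate\Foundation\Auth\User and that the table is named employers; the validation rules, password hashing and session regeneration are additions of this example.

```php
<?php
// Added example, not code from the thread. Assumes the 'employer' guard and
// 'employers' provider from config/auth.php above, and that App\Employer
// extends Illuminate\Foundation\Auth\User.

namespace App\Http\Controllers;

use App\Employer;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class EmployerController extends Controller
{
    public function createEmployerAccount(Request $request)
    {
        $data = $request->validate([
            'companyname' => 'required|string|max:255',
            'email'       => 'required|email|unique:employers,email',
            'password'    => 'required|string|min:8',
        ]);

        $employer = new Employer();
        $employer->companyname = $data['companyname'];
        $employer->email = $data['email'];
        // attempt() compares against a hash, so never store the raw password.
        $employer->password = Hash::make($data['password']);
        $employer->save();

        // Log in on the employer guard, not the default 'web' guard.
        Auth::guard('employer')->login($employer);
        return redirect()->route('employersDashboard');
    }

    public function signInEmployer(Request $request)
    {
        $credentials = $request->validate([
            'email'    => 'required|email',
            'password' => 'required|string',
        ]);

        // Queries the employers table through the 'employers' provider.
        if (Auth::guard('employer')->attempt($credentials)) {
            $request->session()->regenerate(); // new session ID after login
            return redirect()->route('employersDashboard');
        }
        return redirect()->back()->withErrors(['email' => 'Invalid credentials']);
    }
}
```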
I'm creating a contact form in Laravel 5. The contact form is on homepage and when a user fills it out then clicks the submit button, laravel sends the email using mandrill and just refreshes the page. The code works perfectly on my Local environment. However on digital ocean droplet when a user clicks the submit button, domain.com/contact route is being triggered and I can only see a blank page.
Here is my controller
<?php namespace App\Http\Controllers;

use App\Http\Requests;
use App\Http\Controllers\Controller;
use App\Http\Requests\ContactFormRequest;
use Illuminate\Http\Request;

class ContactController extends Controller {

    public function create() {
        return view('forms.contact');
    }

    public function store(ContactFormRequest $request) {
        \Mail::send('emails.contact',
            array(
                'name' => $request->get('name'),
                'email' => $request->get('email'),
                'user_message' => $request->get('message')
            ), function($message)
            {
                $message->from('info@pbl-landing.com');
                $message->to('muhammetergenc@gmail.com', 'Admin')->subject('Contact Request');
            });
        return \Redirect::route('index')->with('message', 'Thanks for contacting us!');
    }
}
Here is my routes.php file
Route::get('/',
    ['as'=>'index', 'uses'=>'WelcomeController@index']);
Route::get('home', 'HomeController@index');
Route::controllers([
    'auth' => 'Auth\AuthController',
    'password' => 'Auth\PasswordController',
]);
Route::get('contact',
    ['as' => 'contact', 'uses' => 'ContactController@create']);
Route::post('contact',
    ['as' => 'contact_store', 'uses' => 'ContactController@store']);