Laravel Multi table auth - laravel

I have three tables
Admins for admin,
Teachers for teacher,
students for student.
Each of these users have their own dashboard (AdminDash, TeacherDash, StudentDash). Now all I want to do is, each user are sent to their respective dashboard after login. Is it even possible to do so.
Also can this be done using single login form or do I need to create different login form for each case and different controllers to authenticate.
Edit:
Actually, here teachers and students fill different registration forms with different value so I don't want to store them in same table. And admins is for admin and superadmin who run the site. Also the dashboard they use after login are different.

I published a custom laravel for manage multi auth in one laravel project. In example branch I commit step by step for describe everything you most know. larasin
Also can this be done using single login form or do I need to create different login form for each case and different controllers to authenticate.
You can create a login form component an use it every where you want.

First extend your 3 tables with Authenticable like:
class User extends Authenticatable
Then in your config/auth, set up the providers like:
'teachers' => [
'driver' => 'eloquent',
'model' => App\Models\Teacher::class,
],
Then you should be able to auth::attempt your model instance.
Do let me know if this doesn't work, I am pretty new in Laravel also :) cheers!
p/s: I do think it is better to just use a user table with a "role" column, however I believe you probably have different columns needed for each of these user groups. But you can still use new tables such as "teacher_profiles","user_profiles" for those columns, and you can refer to different tables according to your role.
For example, if "teacher" role_id is 3, then if user role==3, you will refer to "teacher_profiles" table.

Related

Laravel multi-auth different table for admin and user but one login page

Is it possible to have two different tables for users and admin but one login page? I already used middleware and Spatie permission, but I need them to separate because some info doesn't match if they are together in one table.
For example:
Admin needs name, employee number. At the same time, users need a name, address, student number, etc.
I need suggestions on how to do that to study it.

What is the better wat ro create admin role in Laravel?

I want to create simple SPA with admin-panel. I did panel and fronted part. Now I have two solutions way:
Use enum type of row in database: $table->enum('role', ['user', 'admin]);
Create another 'roles' table and insert there: 'user' and 'admin'
Which is the better way and why?
Always try to go for the simplest, clearest solution. As long a you only have 2 roles, admin and user, and a customer can only have one role, the first solution is much easier.
Defining a new table would give unwanted complexity, and also to ask for each user it's role from a different table could be timeconsuming.
Perhaps if you have more roles, and a user can have multiple roles, the second solution is more clear.

How to add 'OR' condition to call middleware on Laravel Routes?

I want to add 'OR' condition with middleware on laravel routes for Role and Permission. Can anyone please help me here. Below is the code which I am trying currently through some internet research but it is not working.
Route::get('get-all-users', 'API\Admin\AdminController#get_all_users')->middleware(['role:admin' OR 'permission:view.all.users']);
In this scenario, you will need to change the DB structure a bit. Tables would look like:
Actions
Roles
Role_action_mapping => This will have foreign keys of both the above tables as a many to many relationship.
Now, every action should have a role assigned to it. So, the permission view.all.users will have an entry in the table with admin(or any desired role) assigned to it by it's side in Role_action_mapping.
So all you will have to do is have a single middleware say permission:view.all.users on the route and just check if the current role of the user has an entry with view.all.users in the Role_action_mapping table.

One model, one table different user types and different controllers, how to handle policies?

I have one model user and one table against that model users I have different roles for user as patient, hospital and so on, each user have different fields and values to enter during registration so I have created different routes and controllers for different roles.
Now I'm facing problem during authorization process how I can authorize. I have only one model user so I can create only one policy called UserPolicy and use the $this->authorize method in the UserController.
I have also other controllers as PatientController, HospitalController which all bound to the one table and model called user and fetching the record only based on the user type. Now how can I create the policies for them and use the $this->authorize method in the Hospital, Patient controllers?
you are using the same table and you require different data from each kind if user ?
anyway if that the situation , you can create a type field in the users table , then create 2 middlewares , in your middleware check the type of the user then throw an exception or make him pass

Laravel authorization via email, password and additional field

Out of the box Laravel authorizes users by matching email (default - can be overridden) and password.
Is it possible to authorize user using 3 fields, e.g:
email
password
group
... where 'group' is some additional field from 'users' database.
In other words, user can belong to group:1 and can login to group:1 resources only, but not to group:2 using his group:1 credentials.
If user belongs to group:1 and group:2, then he needs different credentials to login to either group.
Additionally, user can use same email for both groups. In such case it is group number that would act as additional identifier. And of course passwords would be different.
I am thinking setting a database multiple column index on fields 'id' and 'group' would be a good start, but I fail to grasp (yet), what would be required to make Laravel authorization process sensitive to 3 fields, instead of 2.
I would appreciate some pointers.
This sounds like you're trying to achieve a form of tenancy on data belonging to certain groups only. Have a look at this package:
https://github.com/HipsterJazzbo/Landlord
In essence, you would add a group_id field to the tables where you wish to restrict access and then using middleware, apply an additional where('group_id', Auth::user()->group_id) clause to any database queries. This works very well for retrieving subsets of data belonging to specific users by their role, for example.

Resources