I'm currently working on a Laravel project that is somewhat multi-tenant.
An administrator will be creating companies that are essentially the tenants, but a user can be part of multiple companies, each with a role or assigned individual permissions.
To make things more complex, a user can also be assigned to a project with a role, which will give them access to that project even if they aren't part of that project.
A user will be able to see all of their data that they're tied to on the same portal, so there is no switching tenants.
So permissions are getting awfully confusing with all the relationships.
The following are tables that I forsee being needed to set up the relationships like this:
user:
id
user_role (used for assigning admin users):
user_id
role_id
company:
id
user_company:
id
user_id
company_id
role_id
user_company_permission:
id
user_company_id
permission_id
permission:
id
name
role:
id
name
permission_role:
id
permission_id
role_id
project:
- id
- (other project related information)
project_user:
- id
- project_id
- user_id
- role_id
So basically, is there any easy way to manage all of these permissions?
It would be nice if when checking permissions, it would default check all user's companies and projects, but if one is passed in it limits it to that company or project.
I've looked into some permission plugins but I can't find anything that seems to suit my issue easily.
If the permissions of each role don't have to be dynamic you might be able to replace the role and permission tables with a Policies. Just add a role field to the user_company table (I would personally make it a string to be easier to read).
Then in the CompanyPolicy you can run checks like this:
/**
* Determine whether the user can view the object.
*
* #param \App\User $user
* #param \App\Company $company
* #return mixed
*/
public function view(User $user, Company $company)
{
$allowedRoles = ['admin', 'someotherrole'];
return $user->companies()->wherePivotIn('role', $allowedRoles)->count() > 0;
}
If later you do require dynamic permissions you could still add them in addition to this method and check the individual permissions before checking the role.
Related
I am very new into programming and trying to make some work on Laravel / Voyager.
I have a Customers table and on this table there is also Customer_Representative field where I can select / assign customer representatives from dropdown list.
What I am trying to achieve is I want each users with their assigned roles (Customer Representative) to list customers only assigned for them.
I am using this below code, but I am not able to see list of customers that other users created. I can only see the customers I / Admin created but If I login with their details I can see their assigned customers.
So as an admin I want to be able to see all customers, so I can also edit them with my login credentials.
public function scopeCurrentUser($query)
{
return $query->where('Customer_Representative', Auth::user()->id);
}
I saw many suggested to use if but I couldn't figure out how to do it.
Appreciate your supports !
If I understand correctly, you want to display:
admin users - all users
non-admin users - only assigned users
You can either change the query in controller, but if you want to do it in scope I suggest something like this:
public function scopeCurrentUser($query)
{
return $query->when(auth()->user()->is_not_admin, function ($q) {
$q->where('Customer_Representative', auth()->user()->id)
});
}
You change the auth()->user()->is_not_admin to your condition for non-admin validation. The scope utilizes the ->when() function to append the condition to query only if the condition (in this case if authenticated user is not an admin) is true.
So if authenticated user is not an admin, his query will be filtered by Customer_Representative.
In CloudCode, is there any utility function which I can determine that the current user belongs to a certain role?
Assume the following role hierarchy Admin->Manager->User
If I added user1 to the Admin role, this means if in cloud code if I query all the roles this user belongs to, then I will get immediate list of roles not hierarchy. I am wondering if there is a utility function that helps with this issue?
I have Model name Project and User by using laravel relationship.
- project and user using many to many relationship.
What i want is using laravel authentication giving roles to the user base on project.
Which mean :
user "Ali" have role "admin" in project "project a" ,
but in project "project b" the user "Ali" role is "member".
How can i implement it?
Problem fixed :
My solution is add additional data inside the project_users pivot table store as string role.
When create new project and add with additional data using :
$user->projects()->save($project, ['role' => 'Manager']);
When need to call it :
$user_role = $user->projects()->where('user_id', $user['id'])->first()->pivot->role;
It will return a string 'Manager'
and use it to assign the role.
$user->syncRoles($user_role);
Look at the following links which will help you to achieve it.
https://github.com/spatie/laravel-permission
https://www.itsolutionstuff.com/post/laravel-56-user-roles-and-permissions-acl-using-spatie-tutorialexample.html
You can add the Role data e.g. role_id with a separate Role table or just role in Project To User Pivot Table project_users and retrieve the role info from this relationship.
Check out this Saving Additional Data On A Pivot Table section at Update Many To Many Relationship Laravel Documentation.
I’d like to add session variable to Auth when the user logs in.
Where should that code be exactly?
Here’s my structure:
Group table (parent table):
Id
Currency
Client_type
User table (child table):
Id
Group_Id (FK)
Name
I’d like for the values of Currency and Client_type to be available globally in Auth.
Thanks, using Laravel 5.2
Auth::user() will have the logged in user object from which you should be able to access all its properties.
edit: if the currency is a property of a related model then you should have your relations set up, maybe something like this in the User model:
public function group()
{
$this->belongsTo(Group::class,'Group_Id');
}
and you access it then like so
Auth::user()->group->Currency;
BTW I'm not sure how the tables are related.
I am not a DBA, but I own a schema which hundreds of people access. For convenience, I created some roles, and assigned users to them. Since I own the schema and created the role, I feel like I should be able to quickly list all of the people in that role. Since I'm not the dba, I can't do:
SELECT * FROM DBA_ROLE_PRIVS;
The only way I can verify that I added users to the role is for me to check the orginal script I used to add users to the role. Am I missing something? I can list all of the objects the role has access to via:
SELECT * FROM role_tab_privs
WHERE OWNER = '<me>';
But I just can't see who gets to see those objects.
Thanks for any assistance!
Mike
You can try USER_SYS_PRIVS, USER_TAB_PRIVS, USER_ROLE_PRIVS
... where ROLE = 'whatever';
More info, and non-DBA views: here