I'm trying to write some tests for my admin panel using laravel voyager however there seems to be some issues doing some research i found that the problem may be have something to do with permissions
public function A_admin_user_can_visit_the_admin_page()
{
\DB::table('permissions')->insert(
['key' => 'browse_admin', 'id' => 1]
);
\DB::table('roles')->insert(
['name' => 'admin', 'display_name' => 'Administrator']
);
\DB::table('permission_role')->insert(
['permission_id' => 1, 'role_id' => 1]
);
$user = factory('App\User')->create(['role_id' => 1]);
$this->actingAs($user);
$this->get('/admin')->assertStatus(200);
}
This tests works fine given i have the correct permissions
public function A_admin_can_browse_users_data()
{
$this->admin();
$this->adminPermissions();
$this->adminRoles();
$user = factory('App\User')->create(['role_id' => 1]);
$this->actingAs($user);
$this->get('/admin')->assertStatus(200);
// dd(\Voyager::canOrFail('browse_bread'));
$this->get('/admin/users')->assertStatus(200);
}
Here this tests fails but I assure the functions admin adminRoles and adminPermissions have created the necessary db entries that give my user full access even when i die and dump the permissions i get true so it can't be the permissions is the problem something else is going wrong and I don't what it is any help would be appreciated.
Voyager directly require route file in web.php calling method Voyager::routes() because of it the laravel RouteServiceProvider doesn't know about the new route file in case of test environment. So, in order to fix this the issue I did this workaround.
Just add the below code in setUp() method of your test file.
Route::prefix('admin')
->namespace('App\Http\Controllers')
->group(base_path('vendor/tcg/voyager/routes/voyager.php'));
Related
I have a users, items, user_item tables. I need to populate the user_item table with a user_id and item_id when a user is created.
so far, I have a basic registration function
public function register(Request $request) {
$user = User::create([
'name' => $request->name,
'user_type' => $request->user_type,
'email' => $request->email,
'password' => bcrypt($request->password)
]);
$token = auth()->login($user);
return $this->respondWithToken($token);
}
So far it saves only to the users table ofcourse.
I've looked at some documentations on using attach(), however, I got stuck on this one..
In the register function, i added a $item array:
$item = Item::create([
'user_id' => !!!!, -> How do I get the id of the inserted user
'instrument_id' => $request->instrument_id
]);
$user->role()->attach($item)
Also, what is role()? is it a built-in laravel function?
Note that I haven't tried running this function since I got stuck on these problems. So I don't event know if it's gonna work.
Anyone help me on this one? I'm a laravel newbie and got really confused on the documentations.
the method create return the model it self after loading it's attributes from db,
so when you want the user id just use $user->id after create() method.
for the default permission that shipped with laravel it is
spatie/laravel-permission
and to assign role to a user you can use:
$user->assignRole('writer'); // just set role name
I need a variable for my admin dashboard, so my guess is to put something inside cache so I can do I can access it in my admin layout-template.
I need to merge 2 config files with links:
$dashboard_links = \Auth::user()->hasRole(['root', 'admin'])
? config('dashboard')
: config('dashboard-user');
$taxonomies = Config::get('taxonomies');
foreach ($taxonomies as $name => $config)
{
$original_array = array_splice( $dashboard_links, $config['order'], 0 );
$dashboard_links = array_merge ($original_array, [$name => $config], $dashboard_links);
}
I want the $dashboard_links available in the base template "resources/views/layouts/master.blade.php".
But I don't want to create the variable on each page request or put it in every controller. It's only needed when someone is logged as an administrator and visits any admin page.
I am not that good in programming so I don't know what is the best approach.
These are my routes if helpfull:
Route::group(['middleware' => ['role:admin']], function()
{
// edit post form
Route::get('post/edit/{slug}', [
'as' => 'post-edit',
'uses' => 'Post\AdminController#edit'
]);
Route::get('medialibrary/edit/{id}', [
'as' => 'media-edit',
'uses' => 'MediaLibrary\MediaController#edit',
])->where('id', '[0-9]+');
// and so on...
});
You should consider using a view composer https://laravel.com/docs/5.6/views#view-composers
View composers allow you to pass variables to all views associated with the composer.
So you would register a new service provider to associate your composer to specific routes. Then in your composer poplate the variable, and pass it to all admin views.
I am writing a Laravel 5.2 application. I need to manually login the user for which I am using \Auth::login($user). I am doing it in following way.
if ($user = User::where('phone',session('phone'))->first())
{
\Auth::login($user);
// \Auth::loginUsingId($user->id);
// Auth::attempt(['email' => $user->email, 'password' => 'password']);
$data = \Auth::user(); //returning correct results
}
I have tried all the options namely Auth::login($user), Authh:loginUsingId($user->id) and attempt method. These methods are working fine as the $data variable is storing the object of correct user. But the problem is when I move to other route say '/home' the user remain no more authenticated.
What might be the wrong here? How could I do it correctly?
Since Laravel 5.2, you have to attach all your routes that need session with the 'web' middleware. See your app/Http/Kernel.php, the 'web' middleware contains the \Illuminate\Session\Middleware\StartSession.
In routes you have to use web in laravel 5.2
Route::group(['middleware' => ['web', 'auth']], function () {
Route::get('/', 'HomeController#index');
Route::get('/profile', 'HomeController#profile');
});
Im new to Cartalyst Sentinel and this concept of ACL. I've managed to create a user, perform activation and login and logout.
I'd like to take my learning to the next level. I would like 2 types of Users on this laravel app. 1 is Administrator another is Subscriber. I'm assuming my account creation method should by default create the user a subscriber.
public function postCreate() {
/* Validation */
$validation = Validator::make(Input::all(), [
'email' => 'required|email|max:50|unique:users',
'username' => 'required|min:3|max:20|unique:users',
'password' => 'required|min:6',
'password_repeat' => 'required|same:password',
]);
if ($validation->fails()) {
return Redirect('login')->withErrors($validation)->withInput();
} else {
$credentials = Input::all();
$user = Sentinel::register($credentials);
$activation = Activation::create($user);
$activation_code = $activation->code;
if ($user) {
Mail::send('emails.auth.activate', ['link' => URL::route('account-activate', [$user->id, $activation_code]), 'username' => $user->username], function($message) use ($user) {
$message->to($user->email, $user->username)->subject('Activate your account');
});
return Redirect::route('home')->with('global', 'Thank you for registering! We have sent you an email to activate your account');
}
}
}
Do i alter the code like so
$user = Sentinel::register($credentials);
$user = Sentinel::findById(1);
$role = Sentinel::findRoleByName('Subscribers');
$role->users()->attach($user);
The thing is i have not even created any roles to begin with. Where do we write that functionality? Right now i have the following Controllers
AccountController - handles activation
AuthController - handles login/logout
RegistrationController - handles registration of user
RolesController - i've not written anything inside here yet. Im a bit lost.
Please guide me. Any help is greatly appreciated.
You do not need to do a search for your user if you already registered them, the register method returns the user.
You can do the following to attach a role to a user:
$user = Sentinel::register($credentials);
$role = Sentinel::findRoleByName('Subscribers');
$role->users()->attach($user);
// OR
$user->roles()->attach($role);
you have both a user and a role object and they have a many to many relation so it doesn't matter which one you use.
You will need to create a db seeder or a method to create your permissions. But to create your Subscribers Role you will need to do the following:
Sentinel::getRoleRepository()->createModel()->create([
'name' => 'Subscribers',
'slug' => 'subscribers',
'permissions' => [
'user.view' => true,
'user.delete' => false,
// any other permissions you want your Subscribers to have
]
]);
A similar call can build your Administrator roles as well.
Your Roles Model and Controller are already built for you, you just need to access them through Sentinel, which you already have Sentinel::findRoleByName('Subscribers'); call.
Cartalyst has some pretty decent documentation about setting up roles and permissions for your users:
https://cartalyst.com/manual/sentinel#roles
https://cartalyst.com/manual/sentinel#permissions
It's just a matter of figuring out what you want each role to do or not do.
Also, you can set specific permissions per user to override the role permissions.
Sept 2 update:
This has become a very difficult puzzle to solve. Setting up a basic auth, which is all that I want, should involve very few steps. I have done many tests, adding and removing code, reviewing the cake manual, reading tutorials and going step by step through the cakePHP 1.3 application development cookbook by Mariano Iglesias - good book. http://goo.gl/93BGw
But the problem I'm still facing is that the app controller is the only place the 'allowed' actions work. In individual controllers the parent:beforeFilter doesn't get recognized and I'm redirected back to the users login page.
Any help with this is really appreciated. What I'm wondering is how I might debug this type of problem. Are there any other configuration settings I should look at, like 'prefix routing'?
=======================
Sept 1 update:
After a lot of testing what appears to be the issue is that the 'before:filter' in individual controllers isn't being recognized. Example in the post controller:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow = array('edit');
}
Has anyone had this happen before? I've referred to the cakePHP manual as well as many online articles and tutorials and it doesn't make any sense to me. I've even tried to build a simple application with just the users and post controller and still, the before:filter settings in each controller aren't being recognized.
=======================
Original question.
I am using the Cakephp auth component to manage an admin section. This is using version 1.3.11
The problem I'm having is that even with allowed actions in each controller, I'm being redirected to the user login page.
Here is what's in the app controller:
class AppController extends Controller {
var $components = array(
'Auth' => array(
'authorize' => 'controller'
),
'Session',
'RequestHandler'
);
public function isAuthorized() {
return true;
}
function beforeFilter(){
$this->Auth->authorize = 'controller';
$this->Auth->fields = array('username' => 'username', 'password' => 'password');
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->authError = 'Please login to view that page ';
$this->Auth->loginError =' The user name or password you entered did not work, please try again ' ;
$this->Auth->allow('display');
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'logout');
$this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'home');
}
This is what's in the users controller:
class UsersController extends AppController {
var $name = 'Users';
function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow = array('add');
}
This is what's in the posts controller:
class PostsController extends AppController {
var $name = 'Posts';
var $components = array('Session','RequestHandler', 'Email');
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow = array('edit');
}
What I do find is that after I've logged in I'm able to access the home page, as expected. Then when I go to the logout the session isn't entirely destroyed so I can go back to the 'admin' section.
I did try using $this-session('destroy'); in the logout action, but when I did the allowed actions didn't work again.
Does this make sense? Shouldn't allowed actions be independent of a current session?
Thanks, Paul
Make sure you are not using requestAction in any of your elements or views, make sure that the actions called by requestAction are allowed too.... this should fix it.
For the one when you logout and I can still access admin section: the logout() should have $this->redirect($this->Auth->logout()); It should clear the Auth session data.
Here's what I suggest for the beforeFilter() in appcontroller:
function beforeFilter(){
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'dashboard');
}
and for the pages controller: $this->Auth->allow('display', 'view');