Laravel 5.8 Manual user approval? - laravel

I am new to Laravel, and before asking this question I read various other topics on it; sadly, none of them helped me.
I have Laravel 5.8 and use auth, which I installed with:
php artisan make:auth
Now I read that I either need to make a middleware or edit the LoginController. But what I want is for the user to be redirected to a custom page that I already made, saying they need to wait to be approved.
Could someone point me in the right direction and tell me which files I need to edit to achieve this?
I have already added a BIT column in the database table called is_approved which is auto set to 0.

In your
App/Http/Controllers/Auth
you'll find all the logic of authentication and registration of the user. Inside the controllers, you'll see this:
/**
 * Where to redirect users after verification.
 *
 * @var string
 */
protected $redirectTo = '/home';
The last line is what you're looking for; it points to the view/route where your user will be redirected after the respective action.
Also, all your generated views when you run the make:auth command will be in
resources/views/auth
if you feel the need to modify them.

Go here. HomeController. Under return view('home'); change it to
if (Auth::user()->is_approved === "1"){
    return view('home');
} else {
    return view('welcome');
}
Where 'welcome' you can change to your custom page and '1' assumes the user has been approved. Remember to add use Illuminate\Support\Facades\Auth; to the top of that controller. I had that problem and came to read your post. Thought to drop what I did. It works for me.

You need to build a user approval system. A common way is to store an active state on the users table as a boolean MySQL column, then check that column when a user tries to log in. As for registration, you need to write to the users table with an active state of 0 or false. It would also be great to trigger a notification to you, the admin, that "hey, you need to go approve a new user". It could be handled through the Laravel Nova dashboard, where ideally you only need to click a button.
It's not built into the Laravel framework but definitely seems like a good use case!
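
The middleware route mentioned in the question, as an added example that is not part of the original posts: it enforces the is_approved check on every route in a group rather than in one controller action. The class name, the 'approved' alias, the 'approval.pending' route name, the 'pending' view and the list of accepted column values are assumptions.

```php
<?php
// app/Http/Middleware/EnsureUserIsApproved.php (hypothetical class name)

namespace App\Http\Middleware;

use Closure;

class EnsureUserIsApproved
{
    // Values accepted as "approved". How a BIT column comes back depends on
    // the database driver, so this list is an assumption to adjust; any
    // value outside it is treated as NOT approved (fail closed).
    const APPROVED_VALUES = [true, 1, '1', "\x01"];

    public function handle($request, Closure $next)
    {
        $user = $request->user();

        // No authenticated user: send to login. Normally the 'auth'
        // middleware, listed before this one, has already done so.
        if ($user === null) {
            return redirect()->route('login');
        }

        $approved = in_array($user->is_approved, self::APPROVED_VALUES, true);

        // Unapproved users may reach only the waiting page and logout;
        // excluding those two routes also prevents a redirect loop.
        if (! $approved && ! $request->routeIs('approval.pending', 'logout')) {
            return redirect()->route('approval.pending');
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware:
//     'approved' => \App\Http\Middleware\EnsureUserIsApproved::class,
//
// routes/web.php ('pending' is the custom waiting-page view):
//     Route::view('/pending', 'pending')->name('approval.pending')->middleware('auth');
//     Route::middleware(['auth', 'approved'])->group(function () {
//         Route::get('/home', 'HomeController@index')->name('home');
//     });
```

Because the check runs as route middleware, any route added to the group later is covered without touching its controller.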

Related

Laravel 8 Redirect Authenticated User Until Data is Changed

Seems like there are a lot of posts related to authentication and redirects, but I can't seem to find exactly what I need. I feel like it should be simple.
So, we have a system whereby we want users to enable 2FA and change their passwords every 60 days. We are using Laravel 8 with Jetstream. I am doing a check on login (via modifying config/fortify.php), which works fine, if the password needs to be changed or if they don't have 2FA they get directed on login to their profile page and they see a message saying they need to update their details.
The problem is they can then navigate to any other page without updating anything. Ideally I want them to be redirected back to the profile page until they update their info.
We have the routes inside a middleware group:
Route::middleware(['auth:sanctum', 'verified'])->group(function() {
    // routes here
});
I thought I could just add a check before any routes load using Auth::user(), but the array is empty and therefore any vars accessed are null.
Auth::users()->role;
I was hoping for something like:
Route::middleware(['auth:sanctum', 'verified'])->group(function() {
    if (pass needs resetting and current route isn't profile) {
        redirect('/profile');
    }
});
I'm assuming that Laravel doesn't authenticate the user until after the middleware has run? Not sure, but that would explain the null values.
So, how would you guys accomplish this? Do I need to modify a controller instead? I just need the user to stay on their profile page until they have updated their data, then they can proceed as normal.
Many thanks for your help.

Storing User Roles in Session Laravel

Hello there, I am working on a project in Laravel in which I need to assign permissions to each user so that I can check in each Blade file or controller function whether the current user has permission to perform an action. Moreover, the side nav links are also generated dynamically using these permissions.
I created two tables:
1: User => [ID, Name .....]
2: Permissions => [ID, Name, user_id(fk)]
To solve this problem, I have stored all the permissions of users in the session at the time of login, so that I can verify all permissions on each page and generate links by fetching from the session.
Is that a good approach, or is there a better solution for this?

It would be good if you had shared more code, but I can see what you want to achieve. Firstly, you don't need to store them in the session because you already have a relation between the User object and Permission. Add these lines of code to your User model:
public function permissions() {
    // A user has many permissions (permissions.user_id is the foreign key);
    // assumes a Permission model exists for the Permissions table.
    return $this->hasMany(Permission::class);
}
Then you have access to the permissions in your Blade view or controller. A small example in the controller:
$user = User::find(1);
dd($user->permissions);
// you can write a condition to check if the user has a permission, etc.

Yes, you can store this in the session. But the better option is to get the permissions through the relation object, like
User::find(1)->permissions()

Well, if you're asking for a "better solution" ... I'm not sure if it's too late for this information since you're already developing the project. However, I would recommend this package for your long-term management (for both user and dev).
Spatie Laravel-permission package
It has role-based permission and direct permission designs (the latter is similar to your design). Once you have installed the package, role and permission tables are created for you.
Once you have created the desired roles with permissions, it's easy to manage which page to allow for which role and which button should be shown.
You can check roles in your controller for those who can view this page.
In Blade, you can check both roles and permissions to decide which button to show or disable.
Hence, you don't need to worry about session settings or session expiry. It's better for maintenance and future development.
The Spatie package has simple syntax and easy to work with.
Installation:
composer require spatie/laravel-permission
Syntax:
Basic usage and syntax
There is plenty of information and tutorials out there.
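
The relation-based check from the answers above, wired into Laravel's Gate so controllers, routes and Blade all ask the database instead of a session copy (an added example, not part of the original posts). It assumes User::permissions() is a hasMany(Permission::class) relation and that the Name column holds the ability string; 'edit-posts' is a constructed ability name.

```php
<?php
// app/Providers/AuthServiceProvider.php

namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // Runs before every ability check and reads the permissions table
        // each time, so deleting a row revokes access immediately. A copy
        // stored in the session at login would stay valid until logout.
        Gate::before(function ($user, $ability) {
            $granted = $user->permissions()   // assumed hasMany relation on User
                ->where('name', $ability)     // assumed: name column = ability
                ->exists();

            // true allows; null falls through to any defined gate or policy,
            // and an ability that nothing defines is denied.
            return $granted ? true : null;
        });
    }
}

// Controller:  $this->authorize('edit-posts');   // responds 403 if not granted
// Route:       ->middleware('can:edit-posts')
// Blade:       @can('edit-posts') <a href="/posts">Posts</a> @endcan
```

Hiding a nav link with @can only changes what is displayed; the route or controller check is what actually blocks the request.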

Laravel 5.3 determine redirection based on factors

I realize that I can change where my user is directed after login by changing
protected $redirectTo = '/home';
in the LoginController.php
However, I want to check if there are any items in a shopping cart and if so, direct the user to the checkout page. I may also check to see if they have purchased a service that is active and direct them to the dashboard, then anyone else to the homepage.
Anyone know how to apply some logic to the redirection?

You can override the sendLoginResponse() method in app\Http\Controllers\Auth\LoginController.php to perform the check and redirect to whatever route you want.
The original sendLoginResponse() method is in vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php. Copy-paste it to LoginController.php and then work with it. Do not change anything in the original trait.
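
A sketch of the override described in the answer above (an added example, not the answerer's code). The 'cart' session key, the has_active_service attribute and the 'checkout' and 'dashboard' route names are assumptions; the two calls at the top of the method are the ones the trait's own version makes and should survive the copy.

```php
<?php
// app/Http/Controllers/Auth/LoginController.php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    protected $redirectTo = '/home';

    public function __construct()
    {
        $this->middleware('guest', ['except' => 'logout']);
    }

    protected function sendLoginResponse(Request $request)
    {
        // Keep both calls from the trait: a fresh session ID at login
        // prevents session fixation (session data such as the cart is
        // kept), and the second resets the failed-login throttle counter.
        $request->session()->regenerate();
        $this->clearLoginAttempts($request);

        // Assumption: the cart is an array stored under 'cart' in the session.
        if (count($request->session()->get('cart', [])) > 0) {
            return redirect()->route('checkout');
        }

        // Assumption: has_active_service is an attribute on the user model.
        if ($this->guard()->user()->has_active_service) {
            return redirect()->route('dashboard');
        }

        // Everyone else: the originally requested URL, or $redirectTo.
        return redirect()->intended($this->redirectPath());
    }
}
```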

Getting the Current User

I am sorry for the dumb question, but I am new at this programming thing and having fun. How do I get the current user in a base Laravel Spark project? I know what the Laravel Spark documentation says, but I can't seem to get the information even with that. I guess I just need an example. Any help would be appreciated. :)

You can access the current authorized user by using the Auth facade: $user = Auth::user(); Make sure to add use Auth; at the top of your file!

Adding on top of this, if you just need something small like the logged-in user's ID, you can say Auth::id()

How to deny access to certain routes / views for users

I am trying to deny access for users other than the one with id=1 (in my case it's admin) to 'cpanel' (admin panel) view. I was trying to achieve this with ACL, but somehow I think that this is not the most correct way.
This is what I want to do in pseudocode version
if (isAdmin())
renderPage()
else
print "You are not allowed to view this page"
Reading documentation I found this line declared in custom Controller
$this->authorize('update', $post);
where 'update' is an ability defined elsewhere, and the $post seems to always be a model (use App\Post) that I don't know how to implement. I don't think that Laravel's documentation covers how to implement models for authorization.
How can I authorize a view? It's Laravel 5.2
