I am trying to Authorize Guest to show login form if not logged in.
#can('guest')
Let's Start
#endcan
Where do I need to define guest
By default, the Blade templating engine provides so-called authentication directives which determine whether a user is authenticated or not:
#auth
// User is authenticated.
#endauth
#guest
// User is not authenticated.
#endguest
The answer from prd is a very good approach and will work in newer laravel version. (Probably from 5.5)
However if you still want to use can('guest') format, you can do that.
You need to put your custom blade directive in AppServiceProvider.php file and inside boot method.
Blade::if('can', function ($role) {
if($role=='guest'){
return !(auth()->check());
}
// you can also put codes for can('admin') etc
// the return value should be true or false.
});
For more information you can read this.
Related
Trying to show the current signed in user's profile. What am i doing wrong.This is the function on the controller. I'm using Laravel 9
public function show(User $user)
{
return view('users.index', with('user', $user));
}
This is the routes
Route::resource('users', UsersController::class)->middleware('auth');
And my generic layout page
<x-dropdown-item href="/users/{{ auth()->user()->username }}" >Account</x-dropdown-item>
When i click the link i get user not found.
You're utilising route model binding which unless configured otherwise, requires you to provide a route with a model id. You're providing it with a username, so Laravel is throwing a 404 because it can't locate the relevant record in the database.
If you replace username with id, the binding should work.
<x-dropdown-item href="/users/{{ auth()->user()->id }}">
Account
</x-dropdown-item>
The code is fine. Are you sure you have a route with username, resource routes are using id.
To access model like that you need to specify id in the route like:
/users/{id}
However what you are trying to do here is access the logged in user model which you can access with the facade Auth::user();
You can access the user any time any where in the code and there is no need to pass it to an anchor link unless sending to an external system.
I have a page in my web app that should be blocked from logged in users. Similar to how a login or register page should not be accessible to already logged in users. I accomplished this by using guest middleware in controller constructor.
$this->middleware("guest")->only("page_action"); // like this
In this setup, if logged in user tries to visit that page they get redirected to home page. But I need to show a 404 not found page instead of redirecting. How can I do that?
In short, how can I make a page accessible to guest only and make it look like it does not exist to logged in users?
The guest logic is inside inside App\Http\Middleware\RedirectIfAuthenticated.
if (Auth::guard($guard)->check()) {
abort(404)
}
return $next($request);
Otherwise, you need to create a new middleware like #Atiqur suggested.
In your method just check if the user is loggedIn, if then abort to 404 like below...
if(\Illuminate\Support\Facades\Auth::check()) {
return abort(404);
}
#Rest of the code is for guest user.....
#
I am trying to get user's unread notifications though my controller.
This works:
public function notifications(){
return \App\User::find(auth()->user()->id)->unreadNotifications()->limit(5)->get();
}
This doesn't, it returns an empty collection:
public function notifications(){
return auth()->user()->unreadNotifications()->limit(5)->get();
}
Could you tell me what I am missing? Thanks in advance.
Using Laravel 5.8 with Backpack 3.5.
The default auth guard of Laravel is overwitten to use Backpack auth in backpack routes, using the UseBackpackAuthGuardInsteadOfDefaultAuthGuard middleware of the permissions manager package. In the rest of the controller auth() and backpack_auth works normally.
Try this:
public function notifications()
return Auth::user()->unreadNotifications()->limit(5)->get();
}
As said in the docs:
You may access the authenticated user via the Auth facade:
Alternatively, once a user is authenticated, you may access the authenticated user via an Illuminate\Http\Request instance. Remember, type-hinted classes will automatically be injected into your controller methods:
Auth and auth() likely don't work here because you're using the Backpack For Laravel authentication which uses a different guard than the default one Laravel uses.
This would probably work for you:
backpack_user()->unreadNotifications()->limit(5)->get();
If that works, here's why:
If you take a look at project/vendor/backpack/base/src/helpers.php you'll see that backpack_user() is an alias for backpack_auth()->user() and backpack_auth does a:
return \Auth::guard(backpack_guard_name());
That's the important bit because it grabs the guard defined config/backpack/base.php (which is backpack by default) and uses that instead of Laravel's default guard of web.
i have a Laravel 5.4 application where i do all Authentication based logic through PHP and then redirect the user to a catchAll route when they are authenticated, and let VueRouter take it from there...
I'd like to also use Entrust because my app will have several types of users and some elements (like an Edit User button) will only be visible to some user Roles.
I might also want to implement specific permissions, like some Admins can edit user Permissions, while others do not.
The issue is, alright i'm in Javascript territory now, so how do i know what my current Auth user is? Setting a global JS variable for Auth::user doesn't seem like a good idea to me.
Perhaps i would instead pass just an ID, but how exactly without making it globally visible as a window variable?
I think you may create an auth/check API call, like this:
protected function check()
{
if(Auth::guard('api')->check()) {
return Auth::guard('api')->user();
}
return ['success' => false];;
}
And then get current user with this call.
I am building an administrative back-end and thus need to hide public user registration. It appears that if you want to use the built-in Illuminate authentication you need to add
use AuthenticatesAndRegistersUsers to your controller definition. This trait is defined here.
It appears as if it is impossible to disable registration if you want to use the built-in auth handlers... can someone show me wrong?
I'm using Laravel 5.2+ and I found that if you remove the Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers and use just Illuminate\Foundation\Auth\AuthenticatesUsers does the trick too.
Though /register is still accessible and will throw a fatal error.
This page talks about overriding the auth controller. Its worth a read, at a basic level it seems you can add the following lines to app\Http\Controllers\Auth\AuthController.php :
public function getRegister() {
return redirect('/');
}
public function postRegister() {
return redirect('/');
}
So if a user accesses the registration url it will redirect them away to a place of your choosing.
You can have your own form of registration. The only thing Laravel does is make it easy to authenticate on a users table because they create the model, build the db schema for users and provide helper methods to authenticate on that model/table.
You don't have to have a view hitting the registration page... But if you want to use the built in auth you still need to use (or set) a Model and a driver for database connections.
You can just remove that view and/or controller method from the route that links to the registration view and create your own (or seed the database manually).
But, no, you cannot forgo using Eloquent, and the User model and expect to use built in auth. Built in authentication requires that you specify settings in /config/auth.php. You may specific a different model (other than User) and you may specify a different table, but you cannot forgo the configuration completely.
Laravel is very customizable though, so you can achieve what you are looking to do... plus why not use Eloquent, it's nice.
Based on #shoo's answer, working with Laravel 5.2
Add the following lines to app\Http\Controllers\Auth\AuthController.php :
public function showRegistrationForm() {
return redirect('/');
}
public function register() {
return redirect('/');
}