Same route in multiple role and route group? - laravel

I have a route which I want to authorize for more than one role. I have created 2 route groups, one is admin and the other one is employee, and there is a route abc.com/abc which I want to be accessible to both roles. Admin routes are:
    Route::group(['middleware'=>['auth','role:admin|hr-manager|manager']],function(){
        Route::get('employee',['as'=>'employee','uses'=>'EmployeeController@employeeList']);
        Route::get('leave-type',['as'=>'leave.type','uses'=>'LeaveController@getLeaveType']);
    });
Employee routes are:
    Route::group(['middleware' => ['auth','role:employee']], function(){
        Route::get('leave-type',['as'=>'leave.type','uses'=>'LeaveController@getLeaveType']);
    });
Now when I log in as admin I can't access the leave-type route because the admin user doesn't have the employee role, but when I assign the admin user to the employee role it becomes accessible. An admin user cannot be an employee, so how can I make this route accessible to both roles?
I'm using Laravel 5.4 and zizaco/entrust for the ACL system, so please let me know what type of problem this is and how I can get the solution.
Thanks in advance.

If you need more routes that are available to a base group and then a specific subset for others I'd suggest to reorganize the routes file to something as follows:
    Route::middleware(['auth'])->group(function () {
        //Routes available to all users
        Route::get('leave-type',['as'=>'leave.type', 'uses'=>'LeaveController@getLeaveType']);
        //Routes available to employees
        Route::middleware(['role:employee'])->group(function () {
        });
        //Routes available to Admin, HR Manager and Manager
        Route::middleware(['role:admin|hr-manager|manager'])->group(function () {
            Route::get('employee', ['as'=>'employee', 'uses'=>'EmployeeController@employeeList']);
        });
    });

Related

Getting laravel to use a different route when logging in

I'm trying to do this thing where if the user logging in is an admin then Laravel needs to send them to the admin route, and if the user is a customer then it needs to send them to the customer route.
I'm not sure how to go about doing this.
Any help would be much appreciated.
Add a new role column to the users table, with different roles for the admin user and the customer,
and in the login controller check the role and return the view with a different route:
    // Route names were left blank in the original answer.
    $role = Auth::user()->role;
    if ($role === 'admin') {
        return redirect()->route('');
    } elseif ($role === 'user') {
        return redirect()->route('');
    } else {
        return redirect()->route('');
    }

Laravel 7 - Why i can't using the same route in different group of routing?

So I have this code in my routes:
    // Facilitator Privileges
    Route::group(['roles'=>'facilitator'],function(){
        //Material
        Route::get('/material', 'MaterialController@index');
        Route::post('/material', 'MaterialController@store');
        Route::get('/material/{course:id}/create', 'MaterialController@create');
        Route::get('/material/detail/{course:id}', 'MaterialController@show');
        Route::get('/material/{material:id}/edit', 'MaterialController@edit');
        Route::patch('/material/{material:id}', 'MaterialController@update');
        Route::delete('/material/{material:id}', 'MaterialController@destroy');
    });
    //Admin Privileges
    Route::group(['roles'=>'admin'],function(){
        Route::resource('/categories', 'CategoriesController');
        //Material
        Route::get('/material', 'MaterialController@index');
        Route::post('/material', 'MaterialController@store');
        Route::get('/material/{course:id}/create', 'MaterialController@create');
        Route::get('/material/detail/{course:id}', 'MaterialController@show');
        Route::get('/material/{material:id}/edit', 'MaterialController@edit');
        Route::patch('/material/{material:id}', 'MaterialController@update');
        Route::delete('/material/{material:id}', 'MaterialController@destroy');
    });
It has the same routes, in this case the Material routes that both the admin and facilitator roles can access, but when the code runs only one role works fine (I'm using admin) and the other gives error (503) Service Unavailable.
You can refer to this question,
or you can refer to Laravel Policy,
or you can simply create your own policy and register it in your middleware.
    Route::group(['middleware' => ['admin', 'facilitator']], function () {
        Route::get('/material', 'MaterialController@index');
        Route::post('/material', 'MaterialController@store');
        Route::get('/material/{course:id}/create', 'MaterialController@create');
        Route::get('/material/detail/{course:id}', 'MaterialController@show');
        Route::get('/material/{material:id}/edit', 'MaterialController@edit');
        Route::patch('/material/{material:id}', 'MaterialController@update');
        Route::delete('/material/{material:id}', 'MaterialController@destroy');
    });
If you want to use the cascading ability of the groups, this is how you would nest them:
    Route::group(['roles'=>'admin'],function(){
        Route::resource('/categories', 'CategoriesController');
        Route::group(['roles'=>'facilitator'],function(){
            Route::get('/material', 'MaterialController@index');
            Route::post('/material', 'MaterialController@store');
            Route::get('/material/{course:id}/create', 'MaterialController@create');
            Route::get('/material/detail/{course:id}', 'MaterialController@show');
            Route::get('/material/{material:id}/edit', 'MaterialController@edit');
            Route::patch('/material/{material:id}', 'MaterialController@update');
            Route::delete('/material/{material:id}', 'MaterialController@destroy');
        });
    });
In the inner group roles is ['admin', 'facilitator']
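As an added example (not code from any of the posts above): Laravel keeps one route per HTTP method and URI, so a second definition of the same route replaces the first, and the shared routes are best declared once behind a middleware that passes when the user holds any of the listed roles. The EnsureRole class, the anyrole alias and a string users.role column are assumptions made for this sketch.

```php
<?php
// Added example: hypothetical App\Http\Middleware\EnsureRole, not from the posts.
namespace App\Http\Middleware;

use Closure;

class EnsureRole
{
    /**
     * Let the request through when the authenticated user holds ANY listed role.
     * Route usage: 'middleware' => ['auth', 'anyrole:admin,facilitator']
     */
    public function handle($request, Closure $next, ...$roles)
    {
        $user = $request->user();

        // Fail closed: no user, or a route that lists no role, means no access.
        if ($user === null || $roles === []) {
            abort(403);
        }

        // Assumption: users.role is a single string column such as 'admin'.
        // Strict comparison avoids loose matches like 0 == 'admin' on old PHP.
        if (! in_array($user->role, $roles, true)) {
            abort(403);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware (alias name is an assumption):
//     'anyrole' => \App\Http\Middleware\EnsureRole::class,

// routes/web.php: each URI is declared once, with every role that may use it.
// Route::group(['middleware' => ['auth', 'anyrole:admin,facilitator']], function () {
//     Route::get('/material', 'MaterialController@index');
//     Route::post('/material', 'MaterialController@store');
// });
// Route::group(['middleware' => ['auth', 'anyrole:admin']], function () {
//     Route::resource('/categories', 'CategoriesController');
// });
```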

Laravel passport - Allow user to act as/login as other user

I'm working on an application where some users should have access to other user accounts. For example: In a family, the mother and all 3 kids have an account. Now the mother should have access to all of the kids' accounts.
Is there a possibility to set up something like this in Laravel using Passport? I thought about a "permission" database table with two columns (parent_account, child_account). Parent accounts could then switch between accounts where they have the permission.
Perfect would be something like a middleware where I can set Auth::actAs($child); and after that every Auth::user() call would be the child until I switch back to the "normal" account.
Additional information: I'm using Laravel to provide an API for my React Frontend Application. I tried the Auth::loginUsingId function, but when I use it I get logged out and I get the Method Illuminate\Auth\RequestGuard::loginUsingId does not exist. Exception.
I am using Laravel Version 6.9.0
I found a solution to my problem.
I added a middleware that contains this piece of code:
    public function handle($request, Closure $next)
    {
        $activeChild = Auth::user()->activeChild; // id of child user
        if ($activeChild) {
            Auth::setUser($activeChild);
        }
        return $next($request);
    }
After that I added this middleware to all routes:
    Route::group(['middleware' => ['actAsUser']], function () {
        // some routes
    });
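An added sketch (not the poster's code) of the same act-as middleware with the authorization step made explicit: the switch happens only when the parent/child link exists in the permission table described in the question, and the real identity is kept for auditing. The App\User model, the users.active_child_id column and the permission table name are assumptions.

```php
<?php
// Added example: hypothetical App\Http\Middleware\ActAsUser with an ownership check.
namespace App\Http\Middleware;

use App\User; // assumption: default Laravel 6 user model
use Closure;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;

class ActAsUser
{
    public function handle($request, Closure $next)
    {
        $parent = Auth::user();
        // Assumption: users.active_child_id stores the id of the selected child account.
        $childId = $parent ? $parent->active_child_id : null;

        if ($childId !== null) {
            // Assumption: table "permission" with parent_account / child_account columns.
            $allowed = DB::table('permission')
                ->where('parent_account', $parent->id)
                ->where('child_account', $childId)
                ->exists();

            $child = $allowed ? User::find($childId) : null;
            if ($child === null) {
                // Stale or tampered selection: refuse rather than continue as the parent.
                Log::warning('act-as denied', ['parent' => $parent->id, 'child' => $childId]);
                abort(403);
            }

            // Keep the real identity on the request for audit logs and switching back.
            $request->attributes->set('impersonator_id', $parent->id);
            Log::info('act-as', ['parent' => $parent->id, 'child' => $child->id]);

            // setUser() expects an Authenticatable model, not a bare id.
            Auth::setUser($child);
        }

        return $next($request);
    }
}
```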

How to integrate role based permission in Laravel with Dingo API?

I'm currently studying Laravel framework and dingo api. Is there any way to integrate the role based permission using entrust to dingo api?
So for example, I have a route to get all the list of users, but only admin can access this.
So if the user is authenticated, but he's not an admin, he can't access this route.
I tried adding the middleware of entrust to the routes.php, but when I tried it on Postman, I get a syntax error.
Here's my routes.php file:
    $api->version('v1', ['middleware' => ['jwt.auth', 'role:admin']], function ($api) {
        $api->get('users', 'App\Http\Controllers\Auth\AuthController@index');
        $api->get('user', 'App\Http\Controllers\Auth\AuthController@show');
    });
You can group this into different parts as this:
    $api->version('v1', ['middleware' => 'jwt.auth'], function ($api) {
        //general routes go here
        //....
        $api->group(['middleware' => 'role:admin'], function($api) {
            //admin routes go here
            $api->get('users', 'App\Http\Controllers\Auth\AuthController@index');
            $api->get('user', 'App\Http\Controllers\Auth\AuthController@show');
        });
    });
This means even though the user is authenticated, the two routes in the new group can only be accessed by the admins.
I hope this is helpful.

Workflow of role/permission based content filtering using Entrust Laravel

I am using Laravel 5 and added Entrust for roles and permissions.
I don't know how to use the permissions. If I have a permission create-post, what will it do?
Will the create option in the Post controller be permitted? Or do we need to assign a permission name to the page?
Please suggest an example. I don't even know where to check permissions...
The workflow of Entrust is as follows:
1. Create roles
    Role::create(['name' => $role]);
e.g. admin, reader etc.
2. Create permissions
    Permission::create($permission);
e.g. can_read_post, can_edit_post, can_delete_post
3. Assign permissions to roles
    $role = Role::where('name', 'admin')->first();
    $role->perms()->sync($ids); //here the ids are ids of permissions which you want to assign
e.g. admin has permissions (can_read_post, can_edit_post, can_delete_post) and reader has permissions (can_read_post)
4. Assign roles to users
You can assign a role to many users.
    $user->roles()->attach($roleId);
5. Filter content based on Role or Permission
The basic setup has been completed. Now you can filter the content of your website using different methods. Here I will discuss a few.
Define a filter in filters.php and apply it on a route
filters.php
    Route::filter('admin', function()
    {
        if(!Entrust::hasRole('Administrator'))
        {
            return Redirect::to('/');
        }
    });
routes.php
    Route::group(['before' => ['admin']], function(){
        //add some routes which will require admin role
        //any user which has not admin role will be redirected to home page
    });
In your views
    @if(Entrust::can('can_edit_post'))
        //add some html which will only be visible to users who have a role which has this permission
    @endif
In your controllers/models/repos
Similarly you can filter content in models/controllers/repos etc.
So I guess you have got the basic idea. Now you can use Entrust functions almost anywhere. Hope this helps.
Briefly, what we need to do to implement the Entrust Laravel package for role based permission is as below.
Install the package as per the instructions given in
https://github.com/Zizaco/entrust
After you are done with the above package (GitHub), like database table creation, middleware, controllers and all:
When a user logs in to the system, there is an array provided by Auth that contains all the actions the logged-in user can take.
Let's suppose we have a controller named CategoryController as below.
    class CategoryController extends Controller
    {
        public function __construct()
        {
            $this->middleware('permission:category_index', ['only' => ['index']]);
            $this->middleware('permission:category_create', ['only' => ['create', 'store']]);
            $this->middleware('permission:category_edit', ['only' => ['edit', 'update']]);
            $this->middleware('permission:category_delete', ['only' => ['delete']]);
            $this->middleware('permission:category_view', ['only' => ['show']]);
        }
    }
We generally have 5 actions in a controller, if we have a single route (called a resource route) in our routes/web.php file for all CRUD actions of a single controller.
In this example, suppose we have all these 5 methods. So we also have entries for these in the permission table, like I have:
Permission Table
    id  display_name     name
    5   Delete Category  category_delete
    4   Edit Category    category_edit
    3   Create Category  category_create
    2   List Category    category_index
We just need to add these permission names in our controllers as I have done in the CategoryController. If you use a hyphen in the permission table's name field, then use it like
    $this->middleware('permission:category-create', ['only' => ['create', 'store']]);
Write all permissions in the controller constructor.
That's it!!
It will automatically check the logged-in user's ability and, according to the database entry in permission_role (relation table of role and permission), it will either show the page or deny access for that user.
Hope this works !!
