I was authorized under user and object Auth::user() is not empty. So using this object and relations between models therefore I can get status of user from Users table:
$profileStatus = Auth::user()->user->first()->status;
How to share this variable $profileStatus in all template in Laravel to show/hide HTML blocks depend this value (active/not active)?
Once User successfully logged in, you can set status in globally like
View::share('user_status', $profileStatus);
then you can access user_status from your entire application including blade templates.
Related
I am new to Laravel and I want to make data in my database available via RESTFUL API. I need to control permissions of data objects with field level specificity. I was curious what is the idiomatic way to do this in Laravel?
For example, I will have a database table called PrintMachine that has the fields Id,MachineName,ActivityStatus,ManufacturingYear. I want to assign the following permissions:
Web Administrators get Read and Edit access to all records and all fields in PrintMachine
Factory Managers get Read and Edit access to the PrintMachine.MachineName and PrintMachine.ActivityStatus fields for all records and get no access to any other fields in PrintMachine.
Floor Operators get Read access to the PrintMachine.MachineName field for all records and get no access to any other fields in PrintMachine.
People told me to consider Spatie Module and also read Gates and Policies, but it's not clear how either achieves field level permissions on their own.
The other option I was considering was to custom create my own solution by:
for GET requests, create three ViewModels called PrintMachineAdmin,PrintMachineManager,PrintMachineOperator, each class with properties accessible to the corresponding roles.
for POST/PUT requests, I'll have to write my own conditional statements to validate data based on the users roles
Is there a more idiomatic way to develop the a feature for field level permissions for restful apis?
So many options. An implementation of role and permission structure can achieve this and you can most certainly do this via the Spatie Module.
Eg adapted from spatie documentation:
$role = Role::create(['name' => 'Manager']); //db has roles table
//or if already created
//$role = Role::where('name', 'Manager')->first();
$permission = Permission::create(['name' => 'edit PrintMachine.MachineName']); //db permissions table
$role->givePermissionTo($permission); //now manager role has been assigned permission to edit machine name.
//assigning role to user
$user = User::create(['name'=> 'Manager User']); //or get existing
$user->assigneRole($role); //now this user has edit access to machine name
//to see if user has access
if( $user->hasPermissionTo('edit PrintMachine.MachineName') )
//do efit
//OR if you want to check using role
if( $user->hasRole('Manager')
//do manager stuff
//and in view you can use #can blade directive
#can( 'edit PrintMachine.MachineName' )
//authenticated user can edit machine name //show edit button/form
#endcan
//similarly #role directive will do the check using role
For super admins in AuthServiceProvider's boot method.
Gate::before(function ($user, $ability) {
return $user->hasRole('Super Admin') ? true : null;
});
Gate's before method precedes all other gate operations so all other permissions can be overridden here.
in Laravel i want to do a page with a search box and a form (the route could be /products)
I want to retrieve information using search box typing id from a db and populate the form.
I request datas with the route for example /products/{id}
But in the controller i use the same function products($Request request) with if the id exists do something if no do other things, or there are two different functions?
Thx
Please go through the Laravel Resource Controllers.
To show list of products i.e. /products, create a index() method. To show a specific product i.e. /product/{id}, create show() method.
Probably is better use the same function, if id exist, return the page with the values filling the form, if not returns the same page but with a message showing that product doesn't exist
Is it possible to change the attributes of form view for specific user groups in form view tag, like in form tag, readonly="{('user_group','=','some_group')}">
I need to make a form view read-only for s specific user group but only from front-end. Records are updated from code by that user belonging to that specific user group from back-end. and if i disable updating the records of that model by that user group in my security file, that user is not able to modify the records even from back-end.
Best way to do this is by defining a new group that have only read access on that model and add to that user you will save a lot of typing and a lot of your time.
Because what you really asking is to remove edit write for a specific user.
I am building a series of forms in Laravel 4 with Doctrine 2. I want to be able to restrict access to each forms subsystem based on a user's level of permission (none, view, view and edit, view edit and delete).
In my database I have a table where each form subsection is stored (id, form_name, view_foldername) called "libForms". I also have a "users" table with all of the typical user information. When a new user is added, a third table, "permissions" gets populated with an access level of '0' (none) for each form currently in the system for that particular user.
When a new form is created, I also have it set up to where a new directory is created in the app/views directory. The name of this directory is a camelCase version of the form's name.
What I want to do is restrict access to any view within app/views/folderName for users that have an access level of '0' (none). Any user without access should be spit back to the homepage.
So far I have come up with trying something like:
Route::filter('formAuth', function()
{
$entityManager = App::make('Doctrine\ORM\EntityManagerInterface');
//get current user
$current_user = $entityManager->getRepository('User')->find(Session::get('my_userid'));
//check user's permission level for this section of forms
$form_route = $entityManager->getRepository('LibForm')->findOneBy(array('route_name' => Request::segment(1)));
...
});
And then calling this filter in the Controller's constructor.
$this->beforeFilter('formAuth');
I don't assume any of this is close to being correct and I am just confusing myself even more every time I think of something else!
I am using the Mail Merge feature of Navision and would like to be able to add the name of the user who is invoking the mail merge. If this information is stored in a Navision table, I can call it out and add it to the template.
The current NAV user can be accessed using the USERID global variable (always defined in NAV objects, doesn't need to be defined by you).