Laravel - deleting a guest user after the user logs out - laravel

I am using Laravel 5.4 and I want to delete a guest user from the users table after he logs out. So I created a LogoutEventListener class (followed instructions from documentation) and I am able to successfully delete the user in the handle(Logout $event) function.
However I am unable to determine if Laravel's own logout() function in AuthenticatesUsers trait is called either before or after the above handle function. Add(...) statement at the beginning of this function never seems to be called. So I am afraid of any unforeseen sideeffects.
So, is it safe to delete the user in the LogoutEventListener::handle() function?

Those are events for laravel 5.2 +
$events->listen(
'Illuminate\Auth\Events\Logout',
'App\Listeners\UserEventSubscriber#onUserLogout'
);

Related

No notifications are returned

I am trying to get user's unread notifications though my controller.
This works:
public function notifications(){
return \App\User::find(auth()->user()->id)->unreadNotifications()->limit(5)->get();
}
This doesn't, it returns an empty collection:
public function notifications(){
return auth()->user()->unreadNotifications()->limit(5)->get();
}
Could you tell me what I am missing? Thanks in advance.
Using Laravel 5.8 with Backpack 3.5.
The default auth guard of Laravel is overwitten to use Backpack auth in backpack routes, using the UseBackpackAuthGuardInsteadOfDefaultAuthGuard middleware of the permissions manager package. In the rest of the controller auth() and backpack_auth works normally.
Try this:
public function notifications()
return Auth::user()->unreadNotifications()->limit(5)->get();
}
As said in the docs:
You may access the authenticated user via the Auth facade:
Alternatively, once a user is authenticated, you may access the authenticated user via an Illuminate\Http\Request instance. Remember, type-hinted classes will automatically be injected into your controller methods:
Auth and auth() likely don't work here because you're using the Backpack For Laravel authentication which uses a different guard than the default one Laravel uses.
This would probably work for you:
backpack_user()->unreadNotifications()->limit(5)->get();
If that works, here's why:
If you take a look at project/vendor/backpack/base/src/helpers.php you'll see that backpack_user() is an alias for backpack_auth()->user() and backpack_auth does a:
return \Auth::guard(backpack_guard_name());
That's the important bit because it grabs the guard defined config/backpack/base.php (which is backpack by default) and uses that instead of Laravel's default guard of web.

Laravel update Session manually

I am using Laravel 5.4 and I am using builtin Auth so Logging in - out comping behind the scene and it's storing the session automatically.
How can I add more information to my session ?
If you don't want to build a custom Login function, you could go to
AuthenticatesUsers file which handle this task and inside method called
authenticated(Request $request, $user)
You can add whatever you want.
This file can be found in
vendor->Laravel->framework->src->Illuminate->Foundation->Auth
Nour answer works but it's better if dont write code directly in vendor files, it can be overwritten by any composer update.
Instead you can add a function authenticated(Request $request, $user) directly in your App\Http\Controllers\Auth\LoginController and write your custom code that fires on every successful authentication.
Whatever you store in your user table will be stored in session data after log in you just need to access it like this
Auth::user()->column_name

Laravel logging out on user deleting

I am using Laravel 5.3.
I have an User model extending Authenticatable.
I also have an users panel where the super user can update and delete other users.
However, every time the super user deletes another user, he gets disconnected (logged out) from the system. How can I workaround this?
I am deleting on a custom controller "UserController":
public function delete (User $user)
{
$deleted = $user->delete();
return compact('deleted');
}
Found the problem:
When creating a new User using the built-in make:auth register method, the logged user inevitably gets re-logged as the recently created user. So, the logged user was no more the "super user" but the recently created user that, when deleted, gets logged out. Solved by registering in another method.
Without seeing any of your error logs, I'm not aware of Laravel's ability to return a variable from its controllers directly. So unless this feature exists, the issue may (at its core), be occurring due to the line:
return compact('deleted');
Try to return a view with the variable attached, (e.g. - if your view resides in resources/views/users/index.blade.php), replace the aforementioned line with the following:
return view('users.index', compact('deleted'));

Is it possible to get Laravel user data from Vue JS?

i have a Laravel 5.4 application where i do all Authentication based logic through PHP and then redirect the user to a catchAll route when they are authenticated, and let VueRouter take it from there...
I'd like to also use Entrust because my app will have several types of users and some elements (like an Edit User button) will only be visible to some user Roles.
I might also want to implement specific permissions, like some Admins can edit user Permissions, while others do not.
The issue is, alright i'm in Javascript territory now, so how do i know what my current Auth user is? Setting a global JS variable for Auth::user doesn't seem like a good idea to me.
Perhaps i would instead pass just an ID, but how exactly without making it globally visible as a window variable?
I think you may create an auth/check API call, like this:
protected function check()
{
if(Auth::guard('api')->check()) {
return Auth::guard('api')->user();
}
return ['success' => false];;
}
And then get current user with this call.

How to globally prevent saving to database in Laravel 5

I made a PHP script in Laravel and now I want to show demo to my buyers. Since I don't want them to make any changes to the database, I was wondering if there is a way to globally disable any saving to the database?
If you have a BaseModel that extends Laravel's default Eloquent model class. And all of your applications models extend that BaseModel you can add the following to it:
public static function boot()
{
parent::boot();
static::saving(function($model)
{
return false;
});
}
This will intercept any creating or updating events from Eloquent.
This may be the technical answer for your question, but ideally just backup your db and restore it after showing to your buyers.
The easiest thing will be to create a mysql user that hasn't permissions to insert. Use the following mysql statement to create the user and use this user as the user in your database setting. I don't think there's a global method for this in laravel.
GRANT SELECT ON [database name].[table name] TO ‘[username]’#'%’;
This way, your user can view everything, but isn't able to save a bit.

Resources