I have an account called users. When a user logs in they view information specific to them. When another user logs in they view the other users information. What do I need to do to ensure logged in users only view their information only?
You can use $user = $request->user(); to get the user and return it as a variable with the view for the profile page. Then you can use the user variable to get the rest of the user's data.
Related
I have created a multi auth application using guards and create a three login and register pages for users, admins, managers. I have a different users table for every userstrong text. I just need one login and register page for three type of users. How I should do that??
You could do something like:
if (! Auth::guard('user')->attempt($request->only('email', 'password'), $request->boolean('remember'))) {
// Logged in as user
}
if (! Auth::guard('admin')->attempt($request->only('email', 'password'), $request->boolean('remember'))) {
// Logged in as admin
}
...
But, you probably don't need different auth guards and a table for each type of user. Instead, the better approach here IMHO would be to use a single users table, and a single auth guard, but then use something like a permissions/roles system (example: spatie/laravel-permission) to differentiate between the user types.
This way you can just have one way to log in. You can split the login form or you can use the same form for all roles. Based on their role you can redirect them to another page where they can see their actions. For example, a separate admin dashboard. You can use different login URLs of course where you only allow users to log in with a certain role. This is a small adaption to the current login flow by just checking on the role as well. You can even create your own controller for it if needed.
You can always use middleware or permission based on the current role of the user to determine where they can go or what they can see.
Multi auth always makes it more complex, while in your case you just have users that log in but have different permissions.
I'm trying to figure out how quickest and easiest to allow the admin user on the site I'm building to access and update any user's settings etc. E.g. I've written the code for a regular user to update their settings (and various other actions). Ideally I want an admin to be able to "be" that user as far as my code is concerned, i.e. allow the admin to do anything a user can, to that user's account. Is there any way of doing this?
If I Auth::login() as admin then from the point of view of Laravel I'm the admin user and not the user they might want to edit. If I login as the user then I don't have admin rights (which in my case means an extra admin menu on the navbar with options to suspend or delete the user, or search for other users).
Any thoughts on how to do this please, or am I overcomplicating things? I am looking for a specific functions/code to allow this, rather than a general strategy. I'm using Laravel 5.4, deployed on Heroku. I know there's middleware but it doesn't seem to do what I want as above.
Many thanks.
You could do as suggested in the above comment by Tim Lewis, or you could accept an "override" property in the user edit page where you can pass a specific user ID and then view the page as that user. For instance, the method might look like this:
public function editUser(User $user=null) {
//User that you want to edit can be provided. If not provided, $user will be null and we will load the user that is currently logged in.
if($user!=null && Auth::user()->role=='admin')
$user_to_edit = $user;
else
$user_to_edit = Auth::user();
//other code goes here
}
Then, if you pass a $user object to the method, you will be given the edit page for that user, rather than the Admin. Otherwise, a user will be able to use the same route in order to always view their own edit page.
Be very careful with code like this! You will want to make sure that non-admins do not have the ability to load in a user object and see somebody else's information. That's why I added the $user->role check in the if/else statement, but you might want to add extra security in the form of middleware.
spatie permissions is a wonderful package that I use to make permissions to resources available to super-administrators. https://github.com/spatie/laravel-permission
I've got a Laravel app set up with user authentication, and a form on the user's homepage after logging in. The form posts to a custom controller. What I need is to be able to retrieve the ID of the current user (the one logged in) from within the controller, so it can be saved to a model along with the formdata.
It seems extremely easy, but I'm struggling to get it working. I have:
use Auth;
at the top of my custom controller. Inside the function that the form posts to I have tried:
var_dump(Auth::id());
var_dump(Auth::user()->id);
var_dump(Auth::user());
All of these return null.
As per mokiSRB's suggestion, I added a check for:
if (Auth::check())
And found that the user had been timed out without my knowing. This check is thus important to wrap anywhere you need to retrieve information about the logged in user.
In my codeigniter application following is the format of user profile
http://example.com/foo/view_profile/userid
how can I restrict a user to view others profile? that means he cannot browse any other link than his profile.
so user foobar420 can not browse following links for example
http://example.com/foo/view_profile/foobar250
http://example.com/foo/view_profile/
http://example.com/any-this-else
How can I achieve this?
Was going to comment this, but it's sort of an answer. Well an idea on this subject at least.
Instead of having "/view-profile/userId" why not just "/view-profile" and send the user model as an object to the page. Then you can just render the proper information only for the user who is actually logged in to the server. Assuming you have access to the user model in your server side script, this is the preferred method.
And if no user model is present, redirect to the login page.
I have a custom php script for this i want to use the user information which is logged in into the phpfox site.
Just like in the wordpress we can access the information of the logged in user through the wp-header.php
So i was looking for such like thing to access the loggedin user information in phpfox.
Is there any function or function files through which we can access the loggedin user information and use the same session.
use Phpfox::getservice('user')->get(Phpfox::getUserId()) to get common fields of user