I am using Laravel 5.3 with Laravel Datatables and Entrust
On my index action I display a list of records in a datatable. Now I need to integrate entrust in to it. If the user is an admin they can see all leads. However, if the user is a normal user the can only see the records that belong to them.
I'm not sure how to approach this, do I put this query in an if statement checking for roles or is there a better way?
public function query()
{
$leads = Lead::query()
->select([
'leads.id as id',
'leads.parent_id as parent_id',
'statuses.name as status',
'leads.title as title',
'leads.first_name as first_name',
'leads.last_name as last_name',
'leads.opt_in as opt_in',
'leads.created_at as created_at',
'leads.user_id as user_id',
])
->leftJoin('statuses', 'leads.status_id', '=', 'statuses.id');
return $this->applyScopes($leads);
}
Too long I don't use Entrust, because Laravel has Policies. But at your problem, I saw that Entrust has method
Auth::user()->can('permission-name');
You must create permission and save into DB which create by run command
php artisan entrust:migration
After create permission, apply it to user, it may have Admin permission and Normal User permission
Please read more at: https://github.com/Zizaco/entrust
Hope I can help. If can use Entrust, let's research about Policies of Laravel, it's very good. Learn about Policies at https://mattstauffer.co/blog/acl-access-control-list-authorization-in-laravel-5-1#policies
Related
Trying to show the current signed in user's profile. What am i doing wrong.This is the function on the controller. I'm using Laravel 9
public function show(User $user)
{
return view('users.index', with('user', $user));
}
This is the routes
Route::resource('users', UsersController::class)->middleware('auth');
And my generic layout page
<x-dropdown-item href="/users/{{ auth()->user()->username }}" >Account</x-dropdown-item>
When i click the link i get user not found.
You're utilising route model binding which unless configured otherwise, requires you to provide a route with a model id. You're providing it with a username, so Laravel is throwing a 404 because it can't locate the relevant record in the database.
If you replace username with id, the binding should work.
<x-dropdown-item href="/users/{{ auth()->user()->id }}">
Account
</x-dropdown-item>
The code is fine. Are you sure you have a route with username, resource routes are using id.
To access model like that you need to specify id in the route like:
/users/{id}
However what you are trying to do here is access the logged in user model which you can access with the facade Auth::user();
You can access the user any time any where in the code and there is no need to pass it to an anchor link unless sending to an external system.
I'm using Laravel with Auth, Auth UI, Voyager admin panel, Telescope. Everything works fine untill I change APP_ENV=local to APP_ENV=production in .env file. When I change the .env file to production then I get the below error. screen shot of my issue is here.
Trying to get property 'name' of non-object
Basically I want to protect /telescope/*routes in production. But before doing that I am getting this error.
I read the same issue in github similar issue github link. I think the answer is present in the link but im unable to digest it as im a newbie.
Any help to fix this, and protecting telescope routes in production is much appreciated. I tried to create a Policy and give read permissions to the user via policy. But somehow im not able to fix it.
ok: its too easy - the only thing you have to do is:
php artisan make:policy -m User UserPolicy
thats it.
You can pass the array of email into the gate method in the TelescopeServiceProvider.php
Gate::define('viewTelescope', function ($user) {
return in_array($user->email, [
'username#domain.com'
]);
});
This will block everyone except the mentioned email of logged-in user.
Im trying to force logout all logged users in website from admin panel .
for testing purpose i have logged in 3 different browsers , I have cleared all entries from sessions table from database , and then try to refresh page but user remains logged in like below :
and found new entries in sessions table
but i want like below , when force logout from backend .
I want to force logout user and clear all sessions please guide me how to do it ?
If you have a remember_token column in your users table, you might want to update that one as well:
DB::table('users')->update(['remember_token' => null]);
I have solved using below function :
use DB;
public function force_logout(){
DB::table('users')->update(['remember_token' => null]);
DB::table('sessions')->delete();
}
I want to ask how to make two types of users in laravel. I have two tables, one for the customer and one for the client and my question is how to make that difference. Do I have to make two different models or to use model User and make some functions in middleware?
Thank you.
If you're looking for the simpliest solution, you can add role column to users table. Then you can check if user is a client or a customer globally with:
if (auth()->user()->role === 1) {
// It's a client.
}
You can add some helper methods to check if user is a client or a customer:
public function isClient()
{
return auth()->user() && auth()->user()->role === 1;
}
To open the part of the website for client only you should use route groups and middleware.
I've run into the same situation and I've resolved it by using a package that handles multi-authentication:
Check out this package:
https://packagist.org/packages/hesto/multi-auth
There are also a blog post about this situation:
http://santo.sh/multi-login-for-laravel-5-3/
and of course more StackOverflow questions:
Using multiple Auth in Laravel 5.3?
Multiple Authentication in Laravel 5.3
I made a PHP script in Laravel and now I want to show demo to my buyers. Since I don't want them to make any changes to the database, I was wondering if there is a way to globally disable any saving to the database?
If you have a BaseModel that extends Laravel's default Eloquent model class. And all of your applications models extend that BaseModel you can add the following to it:
public static function boot()
{
parent::boot();
static::saving(function($model)
{
return false;
});
}
This will intercept any creating or updating events from Eloquent.
This may be the technical answer for your question, but ideally just backup your db and restore it after showing to your buyers.
The easiest thing will be to create a mysql user that hasn't permissions to insert. Use the following mysql statement to create the user and use this user as the user in your database setting. I don't think there's a global method for this in laravel.
GRANT SELECT ON [database name].[table name] TO ‘[username]’#'%’;
This way, your user can view everything, but isn't able to save a bit.