I am new to laravel (5.2) and followed this great series https://www.youtube.com/watch?v=Zxmf0n2sC1I&index=34&list=PLwAKR305CRO-Q90J---jXVzbOd4CDRbVx
Can somebody point me into the right direction how to setup the authentication that registered users can only edit / delete their OWN posts.
e.g: Logged in User "A" is not allowed to edit Posts from User B.
Thanks for helping me out.
You can use the ApiGuard. See more: https://github.com/chrisbjr/api-guard
Great. This works perfectly for edit. However something goes wrong with my index view (where all posts are listed). My Code looks like:
public function index($id)
{
//create a var and store all blog posts from DB
$posts = Post::findOrFail($id);
if($posts->id !== Auth::user()->id){
abort(403, 'Access denied');
}
//return a view and pass in the above var
return view('posts.index')->withPosts($posts);
}
The error message in my view is: ErrorException in PostController.php line 23:
Missing argument 1 for App\Http\Controllers\PostController::index()
I am not sure what to do with the index($id), where ca I grab the id from?
Thanks again
If your posts table has an user_id then you can check if that user is the same as the logged user. For example:
routes.php
Route:get('post/{id}/edit', PostsController#edit);
PostsController.php
class PostsController extends Controller{
public function edit($id){
$post = Post::findOrFail($id);
if($post->user_id !== Auth::user()->id){
abort(403);
}
return view('posts.edit', $post);
}
}
EDIT: Updated including an index method as requested in the comments.
routes.php
Route:get('posts', PostsController#index);
Route:get('post/{id}/edit', PostsController#edit);
PostsController.php
class PostsController extends Controller{
public function index(){
$posts = Post::all();
return view('posts.index', $posts);
}
public function edit($id){
$post = Post::findOrFail($id);
if($post->user_id !== Auth::user()->id){
abort(403);
}
return view('posts.edit', $post);
}
}
I your Post has an user_id then you can check if that user is the same as the loggin user. The code will be
PostController.php
class PostController extends Controller
{
public function getUpdatePost($post_id) {
$post = Post::find($post_id);
if($post->user_id !== Auth::user()->id){
abort(403);
}
return view('posts.edit',['post' => $post]);
}
}
and your routes file will be
Route::get('/post/{post_id}/edit', [
'uses' => 'PostController#getUpdatePost',
'as' => 'post.edit'
]);
Related
I have facing the issue for after login user page 404 error. Please check the below code and help me the issue solve.
web.php
Route::get('/login','UserAuthController#login');
Route::post('/login-user','UserAuthController#LoginUser')->name('login-user');
Route::get('user/myprofile','UserAuthController#UserDashboard');
//Route::get('user/myprofile','UserAuthController#UserProfile')->name('UserProfile');
UserAuthController
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\Users;
use Hash;
use Session;
class UserAuthController extends Controller
{
public function login(Request $request)
{
return view('pages.login');
}
protected function LoginUser(Request $request)
{
$request->validate([
'username'=>'required',
'password'=>'required'
],[
'username.required'=>"The User Name is Required.",
'password.required'=>"The Password is Required."
]);
$user = Users::where('username', '=', $request->username)->where('status', '=', 1)->first();
if ($user){
if (Hash::check($request->password, $user->password)){
$request->session()->put('userId',$user->userid);
//return redirect('user.myprofile');
//return redirect()->route('user.myprofile');
//return redirect()->intended('user/myprofile');
return redirect('UserDashboard');
}else{
return back()->with('fail', 'Password not matches. Please try again!!');
}
}else{
return back()->with('fail', 'This Username is not registered.');
}
}
public function UserDashboard (){
return view('user.dashboard');
}
}
After Login Page
http://127.0.0.1:8000/UserDashboard
404 NOT FOUND
Hi Replace your code from
return redirect('UserDashboard');
to
return redirect('user/myprofile');
You should redirect with name route like:
Route::get('user/myprofile','UserAuthController#UserDashboard')->name('user-profile');
In Controller:
return redirect()->route('user-profile');
Also, make sure user.dashboard view file exist.
I am trying to make it so I can as admin impersonate users in my app. I get this error
Trying to get property 'type' of non-object
on this line
if($user->type !== 1) //1 for type admin
in someUserController.php
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Auth;
use App\Models\User;
class someUserController extends Controller
{
public function __construct()
{
$this->middleware('auth');
$id = Auth::id();
$user = User::find($id);
//echo '<pre>ID:'.$id.' - '.print_r($user,1); die();
if($user->type !== 1) //1 for type admin
{
echo ' error not admin (nice try!).';
die();
}
}
public function impersonate($id)
{
Auth::logout(); // for end current session
Auth::loginUsingId($id);
return redirect()->to('dashboard');
}
}
route web.php
Route::get('/impersonate/{id}', [someUserController::class, 'impersonate']);
Route::get('dashboard', function () {
$id = \Illuminate\Support\Facades\Auth::id();
$user = \App\Models\User::find($id);
//echo '<pre>'.print_r($user,1); die();
if(!$user->active) return redirect('404-page');
switch($user->type)
{
case 1: return redirect('x-url-dashboard-1'); break;
case 2: return redirect('x-url-dashboard-2'); break;
case 3: return redirect('x-url-dashboard-3'); break;
}
This is the link in my blade file.
Enter as {{$user->name}}
This is happening because User::find($id); is returning null, indicating that there is no user in your database with the nominated id.
In any case, you'll find it easier to use Auth::user() instead, as with your current code you are make two database calls for no real reason.
You're already authenticated so it knows who you are
Don't need to find the user by id, you already have it.
To fix your issue, check that the $id is what you think it should be.
As a follow up to what #Jason explained, you could try something like below:
public function __construct()
{
$this->middleware('auth');
if(Auth::user()->type !== 1)
{
abort(403);
}
}
I have a page with a some content on it and a comments section. Comments can only be left by users who are signed in so I have added a login form to the page for users to sign in with (this only shows if they are not already logged in).
The problem I have is that when the user signs in they get redirected back to the home page and not the page they were previously on.
I have not changed the login method from the out of the box set-up.
Can anyone suggest a simple way to set the redirect url. My thoughts are that it would be good to be able to set it in the form.
Solution for laravel 5.3:
In loginController overwrite the showLoginForm() function as this one:
public function showLoginForm()
{
if(!session()->has('url.intended'))
{
session(['url.intended' => url()->previous()]);
}
return view('auth.login');
}
It will set the "url.intended" session variable, that is the one that laravel uses to look for the page which you want to be redirected after the login, with the previous url.
It also checks if the variable has been set, in order to avoid the variable to be set with the login url if the user submit the form with an error.
For Laravel 5.5, following code worked for me by just updating LoginController.php
public function showLoginForm()
{
session(['link' => url()->previous()]);
return view('auth.login');
}
protected function authenticated(Request $request, $user)
{
return redirect(session('link'));
}
Please use redirect()->intended() instead in Laravel 5.1
You can also see more about it here: http://laravel.com/docs/5.1/authentication
For Laravel 5.3
inside App/Http/Controllers/Auth/LoginController
add this line to the __construct() function
$this->redirectTo = url()->previous();
So the full code will be
public function __construct()
{
$this->redirectTo = url()->previous();
$this->middleware('guest', ['except' => 'logout']);
}
It works like a charm for me i'm using laravel 5.3.30
For Laravel 5.4, following code worked for me by just updating LoginController.php
use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\URL;
public function __construct()
{
$this->middleware('guest', ['except' => 'logout']);
Session::put('backUrl', URL::previous());
}
public function redirectTo()
{
return Session::get('backUrl') ? Session::get('backUrl') : $this->redirectTo;
}
The Laravel 5.6, When user insert wrong credentials then login page will reload and session(['link' => url()->previous()]); will take login URL in link variable. So the user will redirect to a login page again or redirect to /home if login success. So to avoid these below code working for me! After that no matter how much time user insert wrong credentials he will redirect after login to exactly where he was before login page.
Update or overwrite public function showLoginForm() in LoginController.
public function showLoginForm()
{
if (session('link')) {
$myPath = session('link');
$loginPath = url('/login');
$previous = url()->previous();
if ($previous = $loginPath) {
session(['link' => $myPath]);
}
else{
session(['link' => $previous]);
}
}
else{
session(['link' => url()->previous()]);
}
return view('auth.login');
}
Also, Update or Overwrite protected function authenticated(Request $request, $user) in LoginController.
protected function authenticated(Request $request, $user)
{
return redirect(session('link'));
}
If you want to redirect always to /home except for those pages with comments, then you should overwrite your redirectTo method in your LoginController:
public function redirectTo()
{
return session('url.intended') ?? $this->redirectTo;
}
On all pages where you want to remain on the site, you should store the url for one request in the session:
public function show(Category $category, Project $project){
// ...
session()->flash('url.intended' , '/' . request()->path());
}
Redirect to login with the current's page url as a query string:
login
In your LoginController check if exists and save the query string in session then redirect to the url after login
public function __construct() {
parent::__construct();
if ( \request()->get( 'redirect_to' ) ) {
session()->put( 'redirect.url', \request()->get( 'redirect_to' ) );
}
$this->middleware( 'guest' )->except( 'logout' );
}
protected function authenticated(Request $request, $user) {
if(session()->has('redirect.url') {
return redirect( session()->get( 'redirect.url' ) );
}
}
Look into laravel cheat sheet
and use:
URL::previous();
to go to the previous page.
Laravel 5
(maybe 6 also, not tested, if someone knows it please update the answer)
add this to LoginController:
protected function redirectTo(){
return url()->previous();
}
Note: if present the field $redirectTo , remove it
in your RedirectIfAuthenticated.php change this code
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect()->intended('/contactus');
}
return $next($request);
}
please notice to :
return redirect()->intended('/contactus');
Inside your template file you can just use:
{{ url()->previous() }}
To redirect from the controller you should use
return redirect()->back();
or Just
return back();
use Illuminate\Support\Facades\Redirect;
public function Show_Login_Form()
{
$back = Session::put('url_back',url()->previous());
$current = url()->current();
if(Session::get('user_id'))
{
if ($back == $current) { // don't back Login Form
return Redirect::to('home');
}
elseif (Session::has('url_back')) {
return Redirect::to('home');
}
else{
return redirect()->back();
}
}
else{
if ($back == $current) {
return Redirect::to('home');
}
else{
Session::put('url_back',url()->previous());
}
return view('account.customer-account.login');
}
}
public function signin_user(Request $request) // Login post
{
$username = $request->input_username_login;
$password = md5($request->input_password_login);
$result = DB::table('tbl_user')
->where([['user_email',$username],['user_password',$password]])
->orWhere([['user_phone',$username],['user_password',$password]])
->first();
if($result){
Session::put('user_id', $result->user_id );
Session::put('user_name', $result->user_name);
Session::put('user_username', $result->user_username);
Session::put('user_avatar', $result->user_avatar);
return Redirect::to(Session::get('url_back')); // Back page after login
} else {
Session::put('message_box', 'Error !!!');
return redirect()->back();
}
}
You can use redirect back with Laravel 5:
<?php namespace App\Http\Controllers;
use Redirect;
class SomeController extends Controller {
public function some_method() {
return Redirect::back()
}
}
Use Thss
return Redirect::back('back-url')
I am currently trying to build a user registration system with edit fields. At the edit portion, I had to create separate views for editing/updating personal details, email, and passwords.
I started with an empty resource controller. it had only one edit method. Hence I added additional edit methods. Each method can have a separate route. However, I have a hard time having a separate route for each update method in each section as the resource has only one route like this in docs:
PUT/PATCH /photos/{photo} update photos.update
Is there any workaround for this?
Controller
class UserController extends Controller
{
public function __construct()
{
$this->middleware(['auth', 'verified']);
}
public function index()
{
return view('users.index');
}
public function edit_personal(User $user)
{
$user_profile = User::find($user->id);
return view('users.edit.personal', ['users' => $user_profile]);
}
public function update_personal(Request $request, User $user)
{
// How to write route for this method.
}
public function edit_email(User $user)
{
$user_profile = User::find($user->id);
return view('users.edit.email', ['users' => $user_profile]);
}
public function update_email(Request $request, User $user)
{
// How to write route for this method.
}
public function edit_password(User $user)
{
$user_profile = User::find($user->id);
return view('users.edit.password', ['users' => $user_profile]);
}
}
Routes
Auth::routes(['verify' => true]);
Route::get('/', function () {
return view('welcome');
});
Route::get('/users/{user}/personal', 'UserController#edit_personal')->name('users.personal');
Route::get('/users/{user}/email', 'UserController#edit_email')->name('users.email');
Route::get('/users/{user}/password', 'UserController#edit_password')->name('users.password');
Route::resource('users', 'UserController');
Basically I have separated edit portion of user controller into personal, email and password sections and they have separate forms. I want to write update functions for each section in UserController.
don't know why are you using separate forms for updating each fields while you can do it in a single form. however you can use either put/patch or post method for updates. here's i am using post for example.
routes:
Route::get('users/{user}/personal', 'UserController#edit_personal')->name('users.personal');
Route::post('users/{user}/personal', 'UserController#update_personal')->name('users.update-personal');
Route::get('users/{user}/email', 'UserController#edit_email')->name('users.email');
Route::post('users/{user}/email', 'UserController#update_email')->name('users.update-email');
Route::get('users/{user}/password', 'UserController#edit_password')->name('users.password');
Route::post('users/{user}/password', 'UserController#update_password')->name('users.update-password');
as you are using route model binding you can directly get the object.
public function edit_personal(User $user)
{
return view('users.edit.personal', ['users' => $user]);
}
public function update_personal(Request $request, User $user)
{
//validation goes here
$user->update([
'value' => $request->value,
...........
]);
}
I have a Post/Category manyToMany relations and would like to be able to attach a default category named "Uncategorised" to each new post that is created. How can I do that? A BelongsToMany method only works on the Details page, not on Create page.
BelongsToMany::make(__('Categories'), 'categories', Category::class),
You can also set default value to your database field so that you can omit passing category and will be taken default to Uncategorised like if you are using MySQL you can do it this way by creating migration
$table->text('category')->default(0);
Because the BelongsToMany not show on mode create in Post Nova model. So we have to make our custom Select, by add this code to your fields:
public function fields(Request $request)
{
if($request->editMode=="create"){
$categories = \App\Category::get(['id','name']);
$options = [];
foreach($categories as $value){
$options[$value->id] = $value->name;
}
return [
ID::make()->sortable(),
Text::make('Title'),
Text::make('Summary'),
Textarea::make('Content'),
Select::make('Categories', 'category_id')
->options($options)
->displayUsingLabels()
->withMeta(['value' => 1]) // 1 = id of Uncategorised in categories table
];
}
return [
ID::make()->sortable(),
Text::make('Title'),
Text::make('Summary'),
Textarea::make('Content'),
BelongsToMany::make('Categories','categories')->display('name'),
];
}
Don’t forget relationship function in both, Post and Category model:
class Post extends Model
{
public function categories(){
return $this->belongsToMany(Category::class, 'category_post', 'post_id', 'category_id');
}
}
And:
class Category extends Model
{
public function posts(){
return $this->belongsToMany(Post::class,'category_post', 'category_id', 'post_id');
}
}
Then, custom the function process the data on mode Create of Post resource page, it’s at nova\src\Http\Controllers\ResourceStoreController.php, change function handle to this:
public function handle(CreateResourceRequest $request)
{
$resource = $request->resource();
$resource::authorizeToCreate($request);
$resource::validateForCreation($request);
$model = DB::transaction(function () use ($request, $resource) {
[$model, $callbacks] = $resource::fill(
$request, $resource::newModel()
);
if ($request->viaRelationship()) {
$request->findParentModelOrFail()
->{$request->viaRelationship}()
->save($model);
} else {
$model->save();
// your code to save to pivot category_post here
if(isset($request->category_id)&&($resource=='App\Nova\Post')){
$category_id = $request->category_id;
$post_id = $model->id;
\App\Post::find($post_id)->categories()->attach($category_id);
}
}
ActionEvent::forResourceCreate($request->user(), $model)->save();
collect($callbacks)->each->__invoke();
return $model;
});
return response()->json([
'id' => $model->getKey(),
'resource' => $model->attributesToArray(),
'redirect' => $resource::redirectAfterCreate($request, $request->newResourceWith($model)),
], 201);
}
}
All runs well on my computer. A fun question with me! Hope best to you, and ask me if you need!
What I ended up doing was saving the data on Post Model in boot().
public static function boot()
{
parent::boot();
static::created(function (Post $post) {
$post->categories()->attach([1]);
});
}