I am creating an application where there are different types of users and and there has to be different fields. I have currently made different tables for different users and at registration the fields are saved to different tables. Is there another way to tackle the problem.
Basically there are two users, And I have made the tables
normal_user
-id
-username
-email
-profile_photo
another_user
-id
-username
-email
-profile_photo
-city
-phone_number
-first_name
-last_name
Is there an easier way or good way ?
Laravel has ACL ( Access Control List ) shipped right from version 5.1. You can make use of Roles and Permissions like how you'd normally see in WordPress. Jeffery Way has explained this excellently in laracasts website.
https://laracasts.com/series/whats-new-in-laravel-5-1
The last 4 videos explains Policies and Gate contracts to implement roles and permissions in Laravel. I believe the last video explains briefly about User Roles and Permissions.
Related
Hello there I am working on a project in Laravel in which i need to assign permission to each user so that i could verify on each blade file or controller function to check whether the current user has the permission to perform this. Moreover, the side nav links are also generated using these permissions dynamically.
I created two tables:
1: User => [ID, Name .....]
2: Permissions => [ID, Name, user_id(fk)]
To solve this problem, i have stored all the permissions of users in session at the time of login. So that i can verify all permissions on each page and generate links fetching from session.
Is that good approach or there is any better solution for this
It would be good if you had share more code but i can see what you are want to archive. Firstly you dont need to store in the Session because you have already a relation between user Object and Permission. Add to your User model this lines of code:
public function permissions() {
return $this->belongsTo(User::class);
}
Then you have access in your blade or controller to the permission. Small example in the controller:
$user = User::find(1);
dd($user->permissions);
// you can write a condition to check if user has Permission etc.
Yes you can store this is the session. But the more better option will be to get the permission through relation object like
user::find(1)->permissions()
Well if you're asking "better solution" ... but I Not sure if it's too late for this information since you're already developing the project. However, I would recommnend this package for your long term management (for both user and dev).
Spatie Laravel-permission package
It has Role based permission and Direct permission design (which is similar to your design). Once you installed the package then role and permission tables are created for you.
Once you created desired roles with permissions, it's easy for you to manage which page to allow for which role and which button show be shown.
You can check roles in your controller for those who can view this page.
In blade, you can check both roles and permission for which button to show or disable.
Hence, your don't need to worry about session settings or session expires. It's better for maintaining and development in future.
The Spatie package has simple syntax and easy to work with.
Installation:
composer require spatie/laravel-permission
Syntax:
Basic usage and syntax
There are plenty information or tutorials out there.
I have two different websites one in Cakephp 2.6 Framework and another in Laravel 8x Framework.
I have two different databases but i want to uses my Cakephp site's database users table for login/registration for both sites, how to integrate this solution in my frameworks.
Thanks in advance!
According to my understanding: It doesn't related to frameworks, instead it is a matter of business logic and can be handled with two steps.
step 1 => Add a "system_code/website_code" column in the users table.
step 2 => Add additional check for system_code along with login credentials in your code base of both websites.
I have implemented small test code with Laravel Policies . I am wondering whether this is the right method to implement an roles based permission system. I also used Entrust Role Permission package too. My requirement is as follows :
1. List of Roles
2. List of Modules
3. Each Module has set of permissions
4. Each Role linked with Set of Permissions
Policies seems to connected with Models. When we create a complex application which we group Models in to components (or services providers), this approach seems to be difficult. Kindly advice on this issue .
Thanks in advance
I have made two login system. a) for Users and b) for Administrator.
But the problem is the app/config/auth.php in laravel has the default model=>'User' and
table=>'users' and I have two models and tables for different users.
How can I use the two different models and tables for login?
What you're doing is considered bad practice - you should take a look at role based permission systems or helpers. I have a few suggestions for you:
Sentry - Most popular, comes with permission system and roles
Entrust - Let's you add role based permissions
You should never repeat stuff for the same type of resource - that's like having a blog where you have a table for each category, it just doesn't really work and it's incredibly time consuming to keep up to date and in sync.
You should change your style right now, take the opportunity, it will save you time in the long run, believe me.
Does it affect the way joomla authenticate users if I add a custom user groups in the Joomla 1.5.15 and does it make it less secure?
I'm planning to add a custom group using the table jos_core_acl_aro_groups as described at http://docs.joomla.org/Custom_user_groups.
But someone told me that if I add a new user group and the group_id is greater than 25 (this is the ID of the Super Administrator), that new group will have the same access as the super admin in the default joomla core files without changing anything just the additional user group. Is this true?
Don't you have a local instsall of Joomla to try this?
Anyways, it's not true because it can't be, why should the group_id define the access rights? That would be a terrible ACL implementation. But please try it, before you actually use it live.
In Joomla 1.5 you can make user groups but they will have one of the existing role patterns. In Joomla 1.6 (alpha) there will be full flexibility in defining your groups, roles and granular ownership settings for each article, module, etc.
There are several extension you can find at:
http://extensions.joomla.org/extensions/access-a-security
Which enhance the core ACL functions. Give them a look and you'll probably find the solution without hacking the core files.