i'm new to laravel and cartalyst/sentinel, but for this project i'm facing out an authorization problem:
I have to set User CRUD permissions for the single content, and i'm facing out how to do id with cartalyst/sentinel.
(a lil' example: if i have a blog, i wanna set User CRUD permissions separately for each article).
Can anyone help me to find some documentation about something like this?
I have already implemented this kind of permissions with CakePHP, but is the first time i'm using laravel.
Thank You
The way I think you'd best go about this is by setting the users permission by using the article ID. You could give a user permissions like this: "articles.14.read":1,"articles.24.*":1. 14 & 24 being IDs of articles I made up.
At the last seems noone never has been capable to solve this problem, and i cant test the solution proposed. So i've falled back to the ACL stock support of Laravel 5.0.
Baybe i'll retry when i need the multisession system or other things from sentinel.
Related
I have looked on the internet a lot, and I haven't seemed to find anything based around permissions for roles on a discord bot in Python. I believe I have seen it done on js, but nothing else. I am wondering whether I am able to add permissions to certains roles using their names. Any input would help greatly! I would also like to know how to move roles up and down the list.
Use this if you are using rewrite: https://discordpy.readthedocs.io/en/rewrite/api.html#discord.Permissions
Use this if you are using async:
https://discordpy.readthedocs.io/en/latest/api.html#discord.Permissions
I have made two login system. a) for Users and b) for Administrator.
But the problem is the app/config/auth.php in laravel has the default model=>'User' and
table=>'users' and I have two models and tables for different users.
How can I use the two different models and tables for login?
What you're doing is considered bad practice - you should take a look at role based permission systems or helpers. I have a few suggestions for you:
Sentry - Most popular, comes with permission system and roles
Entrust - Let's you add role based permissions
You should never repeat stuff for the same type of resource - that's like having a blog where you have a table for each category, it just doesn't really work and it's incredibly time consuming to keep up to date and in sync.
You should change your style right now, take the opportunity, it will save you time in the long run, believe me.
I have created model User and table users to store user information
I also have executed the migration script.
I have no idea how to log user in and make authority recognize the user.
I really need tutorial or sample application or anything that could help.
Thanks for reading.
Your help are much appreciated
Unfortunately there are a couple of steps to many to describe here, but just have a look at http://net.tutsplus.com/tutorials/php/authentication-with-laravel-4/.
I currently have just the basic privileges set to joomla’s mysqluser: INSERT, UPDATE, DELETE and SELECT.
But in fact if the this user is being used across the entire site, if any hacker finds a way to get it or to control the queries (sql injection) he will be able to delete the entire content of a website.
My idea would be to have 2 different mysql users in joomla. One to user in the frontend and the other one to be used in the backend (/administrator). In fact the administrator will require the privileges I currently use, but the frontend user will only require SELECT and a few UPDATE and INSERT previligies to some particular tables like banners and session
I know it might sound paranoid, but currently the projects I'm working with require this kind of "paranoid" approach.
I expact any Joomla experts will help me in achieving this.
Firstly, I have seen that you used the Joomla 1.7 tag in your question, but please ensure you are running the latest version of the Joomla 2.5 series, 2.5.9
What you are trying to achieve from what I have read is you want 2 users, 1 that can only log into to the frontend and the other that can log in to the backend. This currently is available in Joomla and would require core code changes which I'm not going to recommend you do. Have a read through another question I answered, giving information and good extensions to help with security.
Joomla! 2.5.4 Hacked: Having trouble with diagnosis
Then, simply create a separate admin account and only use that one to login to the backend.
Im evaluating orchard cms for my employer and just wanted to ask a question about login and membership.
Our users and their roles are in another database which are exposed via an API and i would need to just get pointed in the right direction if it is possible to solve this in orchard.
The users must be able to login on the orchard site and it will display different content depending on their role. The admins and editors will use the built in user db.
What would be the correct way to solve this? Some kind of module or custom membership provider?
Also, is it possible to set visibility rules in orchard admin for content based on the roles from the other external DB?
Please do ask if you find something in my question confusing.
There were not that many modules in the orchard gallery but have been playing around with a few so i am now answering my question and hope it helps others looking to build their own custom login.
The one which helped me most was the windows authentication module which was really easy to rewrite to work against an external service.
edit: typo