since laravel's built in authentication uses user model? For example I want to separate the admin from the user so I will build two different layers in my application, the admin and the user. How can I achieve this to laravel since it's default auth uses users table and user model?
In my opinion, there's no real need to separate the two. Administrators and typical users can exist on the same database table, because they are both users but can have different permissions.
It seems like you're just looking for a typical permissions system (ACL). There's multiple packages available that can help you handle this.
Orchestra Auth
Sentinel
Entrust
Normally as an admin is still an user you give them a role column and let say you have : users, moderators and admins. Then you got role 0,1,2 for them. Just make it an enum and if you need to check in Laravel use : Auth::user()->role == 2 for example of admin rights :)
Related
I developed some systems with laravel before, but only with the default user doing the login, now I have to develop a new system with 3 types of users, each one connected to different tables in the database doing different things, in What it could The investigation can be done with roles connected to the users table and this does not help me and my database model is full of recursive relationships that I have been asked to avoid at all costs.
How can I manage different types of user by login without resorting to using roles?
I usually use laravel-permission. Simple and the doc is very clear. Regarding the database, laravel-permission has a roles table that consists of the roles and another table with permissions so you don't need to create a table for each role. Give it a try!
what I want to create is Laravel 5.2 Admin and there are around 200 users who will use it with different permissions, so you can say 200 roles with different permissions.
I was planning to eliminate the role part from the picture and create some slug based mechanism, slugs will be related to controller public functions in short routes.
In Admin panel superuser will be able to assign permissions to user on controller functions with slugs.
Is this possible with any existing laravel package currently? If not then what will be the optimal solution you guys propose.
I always use Spatie Package, it is very flexible. You can manage role & permissions or only permissions. It is full of functions that make it easy. Check the documentation.
spatie-laravel-permission
Im working on an app that lets you create groups (lets keep it simple). Im using Laravel 6 and I already have authentication and authorization.
Now, I want to assign roles of Administration or Member to a user, only to specific groups. Example:
User A is an Admin for group A. (Can assign other user as Admin)
User A is only a member in group B. (Can only see group information)
User A is an Admin for group C. (Can assign other user as Admin)
Ive already tried Spatie, but it is working as general porpouses only.
Is there a way I can tweak this, any idea, article. I was also reading about Spatie - Policies
Any help provided is well received.
Thanks to #delena-malan for the comment and solution. It was possible for me to achieve this goal.
Ok, what I did was:
Install package of course and set it up
You are able to configure roles and permissions in controller or by seeder (As you want - No conflicts for me at all)
Get instance of Model #1 and #2 (My case User and Group)
Define abilities for User in Group
Check if User has one ability on defined Group
Ready to go
Ex:.
Bouncer::allow($user)->to('assign-admin', $group);
$boolean = $user->can('assign-admin', $group);
Since I had problem with Passport multi auth, I wonder is it necessary to have an admin guard (and an admins table) or it's better to use the default guard (and users table) for both admins and users with the help of role and permissions? Which is better?
That's a really hard question to answer without more information, but I'll try looking at it from a few perspectives:
You have an application that has users that can turn into admins (and vice-versa)
In this situation, I would probably have a single table that contains an is_admin column and use the column to validate whether the user can perform administration tasks (e.g. by using Laravel's gates). The downside to this is that if you wanted to create a third type of user (e.g. supervisor), you would need to change the model used.
You have an application where users are completely separate from administrators
If you control the administrators and everyone else is just a user, creating separate guards could be used, this does allow for a lot of flexibility in the future if you wanted to implement different authentication flows for both administrators and users (for example, using SAML). If you were to add a third type of user (e.g. supervisor), you could then just create another guard.
You have an application that can have different (customisable) permissions for each user
In this case I would recommend implementing a roles table, a permissions table, a role_permissions table and adding a column called role_id to the user table. This provides the most flexibility and is also usable with the Laravel's gate system, but is probably the most difficult to setup and hardest to maintain.
For the application I develop, we use a mixture of roles and guards. We use roles for users as each user gets a customisable set of permissions. We then use a separate guard for API users which inherit the permissions of the user they were authenticated with.
I want to create a RBAC system in laravel where a user can belong to several roles, and each role can have several permissions. The middleware should check if the user has a certain permission (within any of their roles) before it continues with the request.
I am able to implement a case where
A user belongs to one role which has many permissions
A user belongs to several roles which are used to determine access control (without the permissions bit)
I need to implement a user with multiple roles having multiple permissions. Any pointers?
If you are not interested in coding this yourself the a package like Laravel permissions would do exactly what you want.
https://github.com/spatie/laravel-permission
Otherwise you need to create pivot tables between the users ans their roles and the roles and their permissions
So you would have a user_roles table that would consist of user_id and role_I'd.
You would also have a role_permissions table which would have role_id and permission_id.
This would allow you to have many to many relationship and have many through relationship to get straight from user to role and role to user.
Hope that helps
As an overview. You need to have a roles table in your database which defines different types of user's your application can have , Like (Admin, Author, Editor, Moderator etc)
You also need to define a table role_user which contains data on which user has which role. This will be a Many to Many relationship since a user can have multiple roles.
Next you need to define a Middleware CheckRole which basically checks if user has a particular role. You can use this Middleware on different parts of your application to restrict authentication.
You might find this tutorial useful :
https://www.5balloons.info/user-role-based-authentication-and-access-control-in-laravel/