How to globally prevent saving to database in Laravel 5 - laravel-5

I made a PHP script in Laravel and now I want to show demo to my buyers. Since I don't want them to make any changes to the database, I was wondering if there is a way to globally disable any saving to the database?

If you have a BaseModel that extends Laravel's default Eloquent model class. And all of your applications models extend that BaseModel you can add the following to it:
public static function boot()
{
parent::boot();
static::saving(function($model)
{
return false;
});
}
This will intercept any creating or updating events from Eloquent.
This may be the technical answer for your question, but ideally just backup your db and restore it after showing to your buyers.

The easiest thing will be to create a mysql user that hasn't permissions to insert. Use the following mysql statement to create the user and use this user as the user in your database setting. I don't think there's a global method for this in laravel.
GRANT SELECT ON [database name].[table name] TO ‘[username]’#'%’;
This way, your user can view everything, but isn't able to save a bit.

Related

Laravel Passport : How to createToken in specific postgres schema

I'm currently looking to build SaaS application with Laravel APIs and Postgres as database
Every customer will have its own schema and I migrate the tables and data in its own schema.
Endpoint : https://google.<domain-name>.com/login
Wrote a middleware which will activate the schema depending on the sub-domain and this seems to working fine in PassportController.php
Currently, I'm having trouble login in a user as createToken is trying to insert a record in
public.oauth_access_tokens
but it should in fact create a record in
google.oauth_access_tokens (google is my schema)
Here is the code which is failing and I could able to get user object when I try to print auth()->user()
$accessToken = auth()->user()->createToken('authToken')->accessToken;
How can I use createToken in specific schema?
Update
I just figured out that it works if I change
protected $table = 'oauth_access_tokens';
to
protected $table = 'google.oauth_access_tokens';
in vendor/laravel/passport/Token.php (model) [I know, we should not be changing anything in vendor files].

Laravel - deleting a guest user after the user logs out

I am using Laravel 5.4 and I want to delete a guest user from the users table after he logs out. So I created a LogoutEventListener class (followed instructions from documentation) and I am able to successfully delete the user in the handle(Logout $event) function.
However I am unable to determine if Laravel's own logout() function in AuthenticatesUsers trait is called either before or after the above handle function. Add(...) statement at the beginning of this function never seems to be called. So I am afraid of any unforeseen sideeffects.
So, is it safe to delete the user in the LogoutEventListener::handle() function?
Those are events for laravel 5.2 +
$events->listen(
'Illuminate\Auth\Events\Logout',
'App\Listeners\UserEventSubscriber#onUserLogout'
);

How to make two types of users in Laravel

I want to ask how to make two types of users in laravel. I have two tables, one for the customer and one for the client and my question is how to make that difference. Do I have to make two different models or to use model User and make some functions in middleware?
Thank you.
If you're looking for the simpliest solution, you can add role column to users table. Then you can check if user is a client or a customer globally with:
if (auth()->user()->role === 1) {
// It's a client.
}
You can add some helper methods to check if user is a client or a customer:
public function isClient()
{
return auth()->user() && auth()->user()->role === 1;
}
To open the part of the website for client only you should use route groups and middleware.
I've run into the same situation and I've resolved it by using a package that handles multi-authentication:
Check out this package:
https://packagist.org/packages/hesto/multi-auth
There are also a blog post about this situation:
http://santo.sh/multi-login-for-laravel-5-3/
and of course more StackOverflow questions:
Using multiple Auth in Laravel 5.3?
Multiple Authentication in Laravel 5.3

How to access Session data from database

I want to access session data from database. Currently, I have changed default setting in session.php to database so that I can capture all the session columns in DB. But now I want to access these in my code. Do I need to create some session model or it's present out of the box just like user.php. Please help me.
You should create sessions table with these commands:
php artisan session:table
composer dump-autoload
php artisan migrate
Or you could manually create migration and run it, an example from documentation:
Schema::create('sessions', function ($table) {
$table->string('id')->unique();
$table->text('payload');
$table->integer('last_activity');
});
After doing that, you can just use sessions as usual with Session:: facade or sessions() helper:
session()->flash('message', 'Success!');
Update
If you need to access table data directly, you could do this:
DB::table('sessions')->get();
Or you could create SessionData() model and do this:
SessionData::all();

Laravel 5 - Is there a way to use built-in authentication but disable registration?

I am building an administrative back-end and thus need to hide public user registration. It appears that if you want to use the built-in Illuminate authentication you need to add
use AuthenticatesAndRegistersUsers to your controller definition. This trait is defined here.
It appears as if it is impossible to disable registration if you want to use the built-in auth handlers... can someone show me wrong?
I'm using Laravel 5.2+ and I found that if you remove the Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers and use just Illuminate\Foundation\Auth\AuthenticatesUsers does the trick too.
Though /register is still accessible and will throw a fatal error.
This page talks about overriding the auth controller. Its worth a read, at a basic level it seems you can add the following lines to app\Http\Controllers\Auth\AuthController.php :
public function getRegister() {
return redirect('/');
}
public function postRegister() {
return redirect('/');
}
So if a user accesses the registration url it will redirect them away to a place of your choosing.
You can have your own form of registration. The only thing Laravel does is make it easy to authenticate on a users table because they create the model, build the db schema for users and provide helper methods to authenticate on that model/table.
You don't have to have a view hitting the registration page... But if you want to use the built in auth you still need to use (or set) a Model and a driver for database connections.
You can just remove that view and/or controller method from the route that links to the registration view and create your own (or seed the database manually).
But, no, you cannot forgo using Eloquent, and the User model and expect to use built in auth. Built in authentication requires that you specify settings in /config/auth.php. You may specific a different model (other than User) and you may specify a different table, but you cannot forgo the configuration completely.
Laravel is very customizable though, so you can achieve what you are looking to do... plus why not use Eloquent, it's nice.
Based on #shoo's answer, working with Laravel 5.2
Add the following lines to app\Http\Controllers\Auth\AuthController.php :
public function showRegistrationForm() {
return redirect('/');
}
public function register() {
return redirect('/');
}

Resources