Here I have a little bit confusion in my coding. And my problem is, When the user logged in to his account. At that time,If admin blocks the user whoever is logged in. And if the user clicks on any link then the user must be logout.
I have created a bunch of controller in my project. So, I don't like to make a change in all the controllers. How to write the code in short and sweet.?
Thanks in advance. :)
You need to extend Your CI_Controller and add in __constructor() validation is user blocked/not
Related
I am using Laravels normal authentication functionality with RegisterController and the default views that are included. I have modified the RegisterController#create method to create a related model called Home to the User. Although a Home can have several User relations.
After signup, the User automatically have a Home related to them. The user should now be able to invite new users to join their Home. All the logic around the invites are solved, but I was wondering what the best solution for registering the invited user is.
Currently I have created a InviteController with a acceptInvite method that registers the new User related to the existing Home. But I really want to reuse the RegisterController#create method instead of having to maintain two registration processes.
Any ideas?
Your question is not clear... The user you want to invite to HOME are they registered users? if yes
All you need is a many to many relationship using a pivot table.
If the user you want to add to HOME is a new user and not already register on your app, just send them a mail with link to your register page, and let then use the RegisterController#create
Hope this help:)
I'm trying to figure out how quickest and easiest to allow the admin user on the site I'm building to access and update any user's settings etc. E.g. I've written the code for a regular user to update their settings (and various other actions). Ideally I want an admin to be able to "be" that user as far as my code is concerned, i.e. allow the admin to do anything a user can, to that user's account. Is there any way of doing this?
If I Auth::login() as admin then from the point of view of Laravel I'm the admin user and not the user they might want to edit. If I login as the user then I don't have admin rights (which in my case means an extra admin menu on the navbar with options to suspend or delete the user, or search for other users).
Any thoughts on how to do this please, or am I overcomplicating things? I am looking for a specific functions/code to allow this, rather than a general strategy. I'm using Laravel 5.4, deployed on Heroku. I know there's middleware but it doesn't seem to do what I want as above.
Many thanks.
You could do as suggested in the above comment by Tim Lewis, or you could accept an "override" property in the user edit page where you can pass a specific user ID and then view the page as that user. For instance, the method might look like this:
public function editUser(User $user=null) {
//User that you want to edit can be provided. If not provided, $user will be null and we will load the user that is currently logged in.
if($user!=null && Auth::user()->role=='admin')
$user_to_edit = $user;
else
$user_to_edit = Auth::user();
//other code goes here
}
Then, if you pass a $user object to the method, you will be given the edit page for that user, rather than the Admin. Otherwise, a user will be able to use the same route in order to always view their own edit page.
Be very careful with code like this! You will want to make sure that non-admins do not have the ability to load in a user object and see somebody else's information. That's why I added the $user->role check in the if/else statement, but you might want to add extra security in the form of middleware.
spatie permissions is a wonderful package that I use to make permissions to resources available to super-administrators. https://github.com/spatie/laravel-permission
I am new to laravel and currently i am learning and experimenting on my old php based mini-project conecpt ,i have successfully created the user registration and user login with some features for users,but i am confused how do i create a admin module and provide admin privilege's along with one more sub module (moderator).
I have completed website module,it works fine but i am confused how do i give the following functionalities.
how do i add admin module
admin can access user information
only admin can add moderator
any suggestions would be helpful,
Thank you.
I think what you are trying to do is make some routes only accessible by an admin or moderator?
Make a custom middleware so only if a user has a sufficient role level they can acces the given route.
https://laravel.com/docs/5.6/middleware#defining-middleware
You could have a moderator middleware that checks if a user has role 1 or higher, and a admin middleware that checks if a user has role 2.
i hope this is somewhat what you are searching for.
In my codeigniter application following is the format of user profile
http://example.com/foo/view_profile/userid
how can I restrict a user to view others profile? that means he cannot browse any other link than his profile.
so user foobar420 can not browse following links for example
http://example.com/foo/view_profile/foobar250
http://example.com/foo/view_profile/
http://example.com/any-this-else
How can I achieve this?
Was going to comment this, but it's sort of an answer. Well an idea on this subject at least.
Instead of having "/view-profile/userId" why not just "/view-profile" and send the user model as an object to the page. Then you can just render the proper information only for the user who is actually logged in to the server. Assuming you have access to the user model in your server side script, this is the preferred method.
And if no user model is present, redirect to the login page.
I am overriding sessionscontroller because I need a special behavior.
When the user signs up, he will be inactive and won't be able to login. I want to add that login to the login process.
The user will become active after an administrator authorizes him, changing one field in the CMS. How can I manage the login process so it doesnt allow inactive users to login?
You can simply add a "active" column to your user table and devise does the magic for you :).
Take a look at the link below to see how it works:
http://pivotallabs.com/users/carl/blog/articles/1619-standup-3-21-2011-deactivating-users-in-devise