Looking for a bit of advice and direction with access levels within Roles.
I have a MVC Project that makes use of AspNetRoles, for example I have the following roles set-up:
Admin
CustomerIndex
CustomerCreate
In my Customer Controller I have:
[Authorize(Roles = "Admin, CustomerIndex")]
public ActionResult Index() ....
[Authorize(Roles = "Admin, CustomerCreate")]
public ActionResult Create() ...
What I want to do is restrict what the User can see and do based on his/her access level within the role.
Let's say I have the following Customers: ABC, DEF, XYZ
I want to grant different users read access to different customers, ie: User1 to have CustomerIndex role but only view data for ABC, DEF and then User2 to have CustomerIndex role but only for customer XYZ and then similar for the CustomerCreate role.
So if User1 runs to the Customer page, he will only be presented with the customer data for ABC, DEF
If User2 does the same, he will only see data for customer XYZ
What is the best way to achieve something like this?
In your case, the customers a user can see is not really related to the roles they have. You need to think about bringing back the filtered list of customers via your apps business logic, rather than trying to do it via roles.
In your example, you'd need some sort of data store with a User column, and a Customer column.
Users Customers
User1 ABC
User1 DEF
User2 XYZ
When a user with a CustomerIndex role requests the Index controller, the Authorize attribute will allow them access, then in the controller itself, you query your data store, and return all Customers for the current User and pass that back to your view in a model. The same goes for the Create controller.
Related
Here are some user profiles like: DoctorModel, UserModel, ClinicModel.
Each has own set of fields in database.
How to add concrete model in global scope when user is authorized to be able get model fields across all application.
For exmaple if user authorized as clinic I want to get from this model field nameClinic everywhere.
Now by defaul I got UserModel form Auth::user()
IMO this is somewhat a wrong approach. You can maintain a UserModel for all types of Users and the details that might change can be held on other Models.
For example, the ClinicModel belongsTo relationship on UserModel and holds the details specific to the clinic over there.
I am very new into programming and trying to make some work on Laravel / Voyager.
I have a Customers table and on this table there is also Customer_Representative field where I can select / assign customer representatives from dropdown list.
What I am trying to achieve is I want each users with their assigned roles (Customer Representative) to list customers only assigned for them.
I am using this below code, but I am not able to see list of customers that other users created. I can only see the customers I / Admin created but If I login with their details I can see their assigned customers.
So as an admin I want to be able to see all customers, so I can also edit them with my login credentials.
public function scopeCurrentUser($query)
{
return $query->where('Customer_Representative', Auth::user()->id);
}
I saw many suggested to use if but I couldn't figure out how to do it.
Appreciate your supports !
If I understand correctly, you want to display:
admin users - all users
non-admin users - only assigned users
You can either change the query in controller, but if you want to do it in scope I suggest something like this:
public function scopeCurrentUser($query)
{
return $query->when(auth()->user()->is_not_admin, function ($q) {
$q->where('Customer_Representative', auth()->user()->id)
});
}
You change the auth()->user()->is_not_admin to your condition for non-admin validation. The scope utilizes the ->when() function to append the condition to query only if the condition (in this case if authenticated user is not an admin) is true.
So if authenticated user is not an admin, his query will be filtered by Customer_Representative.
I have one model user and one table against that model users I have different roles for user as patient, hospital and so on, each user have different fields and values to enter during registration so I have created different routes and controllers for different roles.
Now I'm facing problem during authorization process how I can authorize. I have only one model user so I can create only one policy called UserPolicy and use the $this->authorize method in the UserController.
I have also other controllers as PatientController, HospitalController which all bound to the one table and model called user and fetching the record only based on the user type. Now how can I create the policies for them and use the $this->authorize method in the Hospital, Patient controllers?
you are using the same table and you require different data from each kind if user ?
anyway if that the situation , you can create a type field in the users table , then create 2 middlewares , in your middleware check the type of the user then throw an exception or make him pass
I am trying to start an application but it's not for managing hospital, it will be for doctors and patients. Where there will be multiple types for users will be able to login such as Doctor, Patients/Guardians.
Doctors can have multiple clinics at multiple locations and doctor can manage patient records. Once the patient account has been created by doctor then patient can take appointment from doctor or update his appointment status and many more stuff will be there next.
The thing is how to go with the ERD?
I will have
User //User accounts used to login in to the system
Doctor
Patient
Guardian
Role
Permission
These are the models I have currently created, but they don't seem right to me.
Should I remove role columns as I already have different tables for different pre-defined roles?
Or should it be there? But how to manage permissions on users if no roles table is there?
Also, most importantly, how to go with one to one with users? I mean should I go and create functions in user model such as:
public function doctor(){}
public function guardian(){}
public function patient(){}
Or is there a better approach to follow?
If they are all users, you can extend different users from a base user model.
If they require different columns in database, consider single table inheritance.
If roles are static, I would create a class called UserType and have constants of each user type mapped to an integer. In the database, the user table will have a type column which is mapped to this integer.
For example:
class UserType {
const DOCTOR = 1;
}
In your application you'll be able to check the type of user by doing $user->type === UserType::DOCTOR
In the Eloquent itself, you can extend newFromBuilder method to check the type attribute and return the child class (like Doctor) instead of User. So even when you do $user = User::find(1);, you'll still get the class Doctor.
When creating users, you can just create Doctor itself but make sure in __construct to set the appropriate type attribute.
So now you have a base User class, your shared functionality can go here. Specialised methods such as relation to clinics can go in the Doctor class.
This is somewhat similar to the above: https://github.com/Nanigans/single-table-inheritance
Using parse.com.
I have the following format set up:
City roles
Department roles
Users that belong to a specific Department and City combination (i.e. user has relation to Department and City role)
I have a Register class. I want to restrict access to an object in that class to a user that belongs to BOTH Department AND City. Is that possible?
I know I could have a new role for each City+Department combination but I could end up with hundreds of roles. That seems incorrect/inefficient.
Is there a good way to do this?