When updating a user's account, what is the best way to only allow the user itself and the admin to do so?
I use multiauth and the only way I can think of is:
public function update($id)
{
if (Auth::admin()->check() || Auth::user()->get()->id == $id)
{
// Allow update
}
}
Is there a cleaner way to do so?
Where you put this code depends on your architecture.
If it's a simple setup, the model might be the perfect place for it:
class User extends Eloquent implements .... {
protected static function boot($id)
{
static::updating(function($user)
{
return $user->canCurrentUserUpdate();
});
}
protected function canCurrentUserUpdate()
{
return Auth::admin()->check() || Auth::user()->get()->id == $this->id;
}
}
Related
I have a question.
I have table users.
And in table users I have account_type column.
I need determine if user is standard user, or administrator
How I can do it globally in the application?
Now I do this check in every file or controller:
if(auth()->user()->account_type == 0) { ... } else { ... }
You can use Global Middleware
Create a Middleware, for Example :
...
class PageAccess {
public function handle($request, Closure $next) {
if(auth()->user()->account_type == 0) {
return $next($request);
} else {
return redirect('/');
}
}
}
in app/http/Kernel.php add your Middleware
protected $routeMiddleware = [
....
'page_access' => \App\Http\Middleware\PageAccess::class,
];
You can define a Base Controller and extends the BaseController to your all Contontroller like
Class UserController extends BaseController{
....
}
Look for Laravel Repository Pattern. It will help you.
You can create a middleware to define which user type can use the route.
And you can create a function in your user model to check the account type like this :
public function isAdmin(){
return ($this->account_type == 1);
}
So when you need to check the account type you just have to use
auth()->user()->isAdmin()
I'm developing an application which involves authentication and files acl.
Now I want to write a method on the file model called "userCanAccess" which check if the given user/ the user role is in the file acl.
The code will be something along those lines:
public function userCanAccess($user = null) {
$user = is_null($user) ? auth()->user() : $user;
if($this->acl->users->contains($user)
|| $this->acl->roles->contains($user->role)) {
return true;
}
return false
}
Is it right to place this kind of logic on the model?
Laravel has a neat built-in bit of functionality called Policies.
You'd create a FilePolicy that applies to the File model:
php artisan make:policy FilePolicy --model=File
and in the resulting app/Policies/FilePolicy.php, you'll see some ready-to-edit existing policies, one of which is called view. Put your authorization logic here.
Once you've built that, you can apply the policy in a variety of ways, like controller functions, middleware on your routes, or directly within views using the #can Blade directive.
https://laravel.com/docs/5.8/authorization#authorizing-actions-using-policies
This should work just fine for me, but rather than bombing the model class, I would extract it to the trait.
You can make roles and permissions tables
User model:
public function roles()
{
return $this->belongsToMany(Role::class);
}
Role model:
public function users()
{
return $this->belongsToMany(User::class);
}
public function permissions()
{
return $this->belongsToMany(Permission::class);
}
Permission model:
public function roles()
{
return $this->belongsToMany(Role::class);
}
then in app/Providers/AuthServiceProvider you can make Gate like this:
public function boot()
{
$this->registerPolicies();
foreach ($this->getPermissions() as $permission) {
Gate::define($permission->name,function($user) use($permission){
return $user->hasRole($permission->roles);
});
}
}
private function getPermissions(){
return Permission::with('roles')->get();
}
at the end you can use ACL everywhere you want by just write Gate name like:show-comments or access-files or ....
In laravel I want to call a function within function to make recursive.I caught the route error.how to call the function 'recursive in tableFetch'
class queryTest extends Controller
{
public function tableFetch() {
recursive();
}
function recursive(){
//condition
}
}
I want to do it for check the manager of the given person and then get the manager of the fetched value in query so need to do it recursive
A controller is not a good place for this. Instead, manage it in your Person Model(or whatever you have).
Everyone has a manager. So, your model has HasOne relation to itself.
Person Model:
public function manager()
{
return $this->hasOne(Person::class, 'manager_id');
}
Now if you need to check the manager of given person untill you meet a certain condition you can do it inside the model and get the result in the controller.
public function checkManager()
{
$manager = $this->manager
if (check manager)
return $manager;
//check for the last manager
return $this->manager ? $this->checkManager() : null;
}
Inside controller
function index()
{
$person = Person::find($id);
$manager = $person->checkManager();// this will do the recursive you need
}
Do something like this
class queryTest extends Controller
{
public function tableFetch() {
$this->recursive();
}
function recursive(){
//condition
}
}
you need to ask more precise details about your needs, because Laravel has some complications.
try doing this :
class queryTest extends Controller
{
public function tableFetch() {
$this->recursive();
}
public function recursive() {
//condition
}
}
Below is the one of the model. I would like to delete a Telco entry only if no other model is referencing it? What is the best method?
namespace App;
use Illuminate\Database\Eloquent\Model;
class Telco extends Model
{
public function operators()
{
return $this->hasMany('App\Operator');
}
public function packages()
{
return $this->hasMany('App\Package');
}
public function topups()
{
return $this->hasMany('App\Topup');
}
public function users()
{
return $this->morphMany('App\User', 'owner');
}
public function subscribers()
{
return $this->hasManyThrough('App\Subscriber', 'App\Operator');
}
}
You can use deleting model event and check if there any related records before deletion and prevent deletion if any exists.
In your Telco model
protected static function boot()
{
parent::boot();
static::deleting(function($telco) {
$relationMethods = ['operators', 'packages', 'topups', 'users'];
foreach ($relationMethods as $relationMethod) {
if ($telco->$relationMethod()->count() > 0) {
return false;
}
}
});
}
$relationships = array('operators', 'packages', 'topups', 'users', 'subscribers');
$telco = Telco::find($id);
$should_delete = true;
foreach($relationships as $r) {
if ($telco->$r->isNotEmpty()) {
$should_delete = false;
break;
}
}
if ($should_delete == true) {
$telco->delete();
}
Well, I know this is ugly, but I think it should work. If you prefer to un-ugly this, just call every relationship attributes and check whether it returns an empty collection (meaning there is no relationship)
If all relationships are empty, then delete!
After seeing the answers here, I don't feel copy pasting the static function boot to every models that need it. So I make a trait called SecureDelete. I put #chanafdo's foreach, inside a public function in SecureDelete.
This way, I can reuse it to models that need it.
SecureDelete.php
trait SecureDelete
{
/**
* Delete only when there is no reference to other models.
*
* #param array $relations
* #return response
*/
public function secureDelete(String ...$relations)
{
$hasRelation = false;
foreach ($relations as $relation) {
if ($this->$relation()->withTrashed()->count()) {
$hasRelation = true;
break;
}
}
if ($hasRelation) {
$this->delete();
} else {
$this->forceDelete();
}
}
}
Add use SecureDelete to the model that needs it.
use Illuminate\Database\Eloquent\Model;
use App\Traits\SecureDelete;
class Telco extends Model
{
use SecureDelete;
public function operators()
{
return $this->hasMany('App\Operator');
}
// other eloquent relationships (packages, topups, etc)
}
TelcoController.php
public function destroy(Telco $telco)
{
return $telco->secureDelete('operators', 'packages', 'topups');
}
In addition, instead of Trait, you can also make a custom model e.g BaseModel.php that extends Illuminate\Database\Eloquent\Model, put the function secureDelete there, and change your models to extends BaseModel.
I followed the suggestions from user ehp in order to build a lightweight messaging-system:
https://stackoverflow.com/a/18717864/1084315
Users: id | username
Messages: id | from | content
user_messages: user_id | message_id
class User extends Eloquent {
public function messages()
{
return $this->belongsToMany('Message');
}
public function sent_messages()
{
return $this->hasMany('Messages', 'from');
}
}
class Message extends Eloquent {
public function from()
{
return $this->belongsTo('User', 'from');
}
public function to()
{
return $this->belongsToMany('User');
}
}
I create a message like this:
User::find(2)->messages()->create(array('text'=>'this is a message from admin to someone', 'from'=>'1');
Now I need to find / get every Message from a specific user to a specific user.
But in this example only the 'from' IDs are stored in the 'messages' table directly.
I can not even access the pivot of any Message by using
User::find(1)->sent_messages()->get();
What are best practices for collecting messages between one and another user?
Any help highly appreciated
First of all, I think there's a small typo:
public function sent_messages() {
return $this->hasMany('Messages', 'from');
}
This should probably be:
public function sent_messages() {
return $this->hasMany('Message', 'from');
}
Now, if you're looking to get all the messages sent from one user to another, what about this? Untested, but placing a constraint on the to relationship should do the trick.
$messages_from_A_to_B = Message::where('from', $UserA->id)->whereHas('to', function($q) use ($UserB) {
$q->where('user_id', $UserB->id);
})->get();
On a side note, I'm assuming that you specifically require that a user can send a message to more than one user? Else the following table structure seems like it would be easier:
users: id
messages: from | to
And then you just need:
class User extends Eloquent {
public function messages() {
return $this->hasMany('Message', 'to');
}
public function sent_messages() {
return $this->hasMany('Message', 'from');
}
}
class Message extends Eloquent {
public function from() {
return $this->belongsTo('User', 'from');
}
public function to() {
return $this->belongsTo('User', 'to');
}
}
$messages_from_A_to_B = Message::where('from', $UserA->id)->where('to', $UserB->id)->get();