Laravel
vlad3144, 2019-04-13 15:30:54

How to correctly implement user authorization in Laravel?

There are tables "users", "users_roles", "users_has_roles".
I made user registration through a regular form, with the addition of a many-to-many relationship model, so that when a user registers, he is automatically assigned the "user" role and the data is entered in the "users_has_roles" table, in the user_id and role_id fields, respectively.
Through the usual Auth::attempt, data is taken only from the "users" table.
How can I correctly implement this so that the user is assigned his roles during authorization?
For example, I would like Auth to store the "user_role" field. Then, based on the data contained in this field, it would be possible to check the user's access to the page through middleware.

1 answer(s)
jazzus, 2019-04-14
@vlad3144

Create intermediate tables:
user_roles with keys user_id, role_id to link roles to users
role_perms with keys role_id, perm_id to link roles to rules

Relation in user to role:

public function roles() {
  return $this->belongsToMany('App\Models\Role', 'user_roles', 'user_id', 'role_id')
                ->withPivot('active');
}

In role, the relation to perm:

public function perms() {
  return $this->belongsToMany('App\Models\Perm', 'role_perms', 'role_id', 'perm_id');
}

Add the necessary rules to perm (table with columns id, name), for example CREATE_PROJECT: permission to create projects.
Write rule validation in the user model. The method iterates over roles and role rules. If it finds a rule passed from the provider, it returns true.

public function hasPerm($perm_id) {
    foreach ($this->roles as $role) {
        foreach ($role->perms as $perm) {
            if ($perm_id == $perm->id) {
                return true;
            }
        }
    }
    // No role grants this rule: deny explicitly instead of falling through with null
    return false;
}

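Add to AuthServiceProvider.php in boot. The check is done by the name of the rule (e.g. CREATE_PROJECT). The search by id is in the hasPerm method.

// Needs at the top of the file: use App\Models\Perm; use Illuminate\Support\Facades\Gate;
$perms = Perm::get();
foreach ($perms as $perm) {
    // One gate per rule, named after the rule
    Gate::define($perm->name, function ($user) use ($perm) {
        return $user->hasPerm($perm->id);
    });
}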

Link the rules and roles in advance through attach.
When registering (or at another time, for example, manually in the admin panel), you assign a role to the user through attach.

As a result:
In blade templates, you can restrict access to any element through the can directive:
@can ('CREATE_PROJECT')
<input type="button" value="Создать проект">
@endcan

In controllers, access to methods goes through Gate:

public function store(ProjectRequest $request) {
    // access to the method
    if (Gate::denies('CREATE_PROJECT')) {
        abort(404);
    }
}

Create middleware to restrict access to routes. It contains a check:

public function handle($request, $next, $roleId) {
    $user = $request->user(); // null for guests
    if ($user && $user->hasRole($roleId)) {
        return $next($request);
    }
    return redirect('/');
}

If the user has the role, the request is let through; if not, it redirects to the main page. The hasRole method on user returns true/false, checking whether the user has the role.
public function hasRole($id) {
    return $this->roles->contains('id',$id);
}
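
The role-to-rule lookup that hasPerm performs, as an added example in plain PHP (not code from the answer above): it resolves a user's rules from arrays standing in for user_roles and role_perms, denies by default, and takes the active pivot column into account. The sample rows, the DELETE_PROJECT name and the reading of active as "assignment enabled" are assumptions.

```php
<?php
// Constructed sample rows standing in for the answer's tables.
$perms = [1 => 'CREATE_PROJECT', 2 => 'DELETE_PROJECT']; // perm: id => name
$rolePerms = [                                           // role_perms
    ['role_id' => 1, 'perm_id' => 1],
    ['role_id' => 2, 'perm_id' => 1],
    ['role_id' => 2, 'perm_id' => 2],
];
$userRoles = [                                           // user_roles
    ['user_id' => 10, 'role_id' => 1, 'active' => 1],
    ['user_id' => 10, 'role_id' => 2, 'active' => 0],    // assigned but disabled
    ['user_id' => 11, 'role_id' => 2, 'active' => 1],
];

/** Names of all rules a user holds through active role assignments. */
function permissionsFor(int $userId, array $userRoles, array $rolePerms, array $perms): array
{
    $roleIds = [];
    foreach ($userRoles as $row) {
        // Assumption: a pivot row counts only while its "active" flag is set.
        if ((int) $row['user_id'] === $userId && (int) $row['active'] === 1) {
            $roleIds[(int) $row['role_id']] = true;
        }
    }
    $names = [];
    foreach ($rolePerms as $row) {
        $permId = (int) $row['perm_id'];
        // Ignore links that point at a perm id that no longer exists.
        if (isset($roleIds[(int) $row['role_id']]) && isset($perms[$permId])) {
            $names[$perms[$permId]] = true;
        }
    }
    return array_keys($names);
}

/** Deny by default: true only when the named rule is in the resolved set. */
function userCan(int $userId, string $permName, array $userRoles, array $rolePerms, array $perms): bool
{
    return in_array($permName, permissionsFor($userId, $userRoles, $rolePerms, $perms), true);
}

// User 10 reaches DELETE_PROJECT only through the disabled role 2;
// user 12 has no rows in user_roles at all.
var_dump(userCan(10, 'CREATE_PROJECT', $userRoles, $rolePerms, $perms));
var_dump(userCan(10, 'DELETE_PROJECT', $userRoles, $rolePerms, $perms));
var_dump(userCan(11, 'DELETE_PROJECT', $userRoles, $rolePerms, $perms));
var_dump(userCan(12, 'CREATE_PROJECT', $userRoles, $rolePerms, $perms));
```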
