maybe the answer is here, gonna try and make sense of it, but seems a bit complicated for what I need to do:
http://ollieread.com/blog/2014/03/18/a-simplified-laravel-acl/
someone on /r/laravel suggested this as well:
https://github.com/Vivify-Ideas/laravel-acl
hmm... this might be the best bet.
Not a Laravel example, but I have just added the userid or ownerid to the query. Probably not what you're after, but you have to separate the data somewhere.
    // Admins see every pet; everyone else is restricted to rows whose ownerid matches the session.
    // $pagingQuery is concatenated into the SQL, so it must be built from validated values, never raw input.
    if (Session::get('role') == 'admin') {
        return $this->_db->select("SELECT * FROM " . PREFIX . "pets WHERE petname like :search ORDER BY petname " . $pagingQuery,
            array('search' => $petsearch));
    } else {
        return $this->_db->select("SELECT * FROM " . PREFIX . "pets WHERE petname like :search AND ownerid = :ownerid ORDER BY petname " . $pagingQuery,
            array('search' => $petsearch, 'ownerid' => Session::get('owner')));
    }
Admin can view and edit all pets; a user can only view and edit their pets. Linked tables via ownerid with roles admin, user.
A really simple example, but sometimes keeping things simple works.
Of course in Laravel you can get user info like:
Auth::user()->userid;
or:
Auth::user()->role;
No different than an orders database: if I go to amazon.com, I can only view my orders. So I figure an "and customerid = whatever" clause has to be incorporated somehow. Hopefully there will be another answer with a Laravel way.
yea the issue is sort of twofold.
First is a UI task, i.e. only displaying edit, delete and save buttons in the view of the specified resource, or even an index of all the resources (but only for theirs).
The other is a controller / model issue, i.e. allowing access to resource controller methods, specifically the edit(), update(), and destroy() ones.
Also in some cases you need to restrict the show() methods but sometimes not, if other users can see the resource but not edit it.
Some of this can be achieved in the construct method of the controller. I always route to a controller myself. I know some folks use functions in routes, I do not. A switch statement in the controller is one way to filter roles/users. Just a thought. You are better off having a separate admin area that has forms for admins. And the user area/forms can be restricted as needed. Even a controller can be broken down in two parts, have admin methods, and user methods in the same controller. As long as the method opens the correct form.
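The following is an added example, not code from anyone in this thread: a plain-PHP (no framework) policy object covering both the ownership-scoped query from the answer above and the twofold UI/controller problem described after it. Admin passes every check, an owner may show/edit/update/destroy their own resource, and anyone else may only show a resource that is flagged public; the `PetPolicy` name and the `is_public` flag are assumptions for illustration.

```php
<?php
// Added example, not code from the thread: a plain-PHP policy for the
// admin/owner rules discussed above, usable from the view (which buttons
// to render) and from the controller (edit/update/destroy guards).
// PetPolicy and the is_public flag are assumptions for illustration.
final class PetPolicy
{
    // Actions an owner may perform on their own resource.
    private const OWNER_ACTIONS = ['show', 'edit', 'update', 'destroy'];

    public function allows(array $user, array $pet, string $action): bool
    {
        // Admin can view and edit all pets.
        if ($user['role'] === 'admin') {
            return true;
        }
        // Strict comparison on normalised strings so null or '' never matches 0.
        $isOwner = isset($pet['ownerid']) && (string) $user['id'] === (string) $pet['ownerid'];
        if ($isOwner) {
            return in_array($action, self::OWNER_ACTIONS, true);
        }
        // Non-owners may only view, and only when the pet is flagged public.
        return $action === 'show' && ($pet['is_public'] ?? false) === true;
    }

    // Listing query in the spirit of the answer above: every value is bound,
    // and the only concatenated piece is a whitelisted ORDER BY direction.
    public function listingQuery(array $user, string $search, string $direction = 'ASC'): array
    {
        $direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
        $sql = 'SELECT * FROM pets WHERE petname LIKE :search';
        $bindings = ['search' => '%' . $search . '%'];
        if ($user['role'] !== 'admin') {
            $sql .= ' AND ownerid = :ownerid';
            $bindings['ownerid'] = $user['id'];
        }
        return [$sql . ' ORDER BY petname ' . $direction, $bindings];
    }
}
// Constructed sample users and resource.
$admin = ['id' => 1, 'role' => 'admin'];
$alice = ['id' => 2, 'role' => 'user'];
$bob   = ['id' => 3, 'role' => 'user'];
$pet   = ['id' => 10, 'ownerid' => 2, 'is_public' => true];
$policy = new PetPolicy();
var_dump($policy->allows($admin, $pet, 'destroy'), $policy->allows($alice, $pet, 'update'));
var_dump($policy->allows($bob, $pet, 'show'), $policy->allows($bob, $pet, 'edit'));
[$sql, $bindings] = $policy->listingQuery($alice, 'rex');
echo $sql, PHP_EOL;
```

The same `allows()` call answers both halves of the question: the view calls it to decide whether to render the edit/delete buttons, and the controller's edit(), update() and destroy() methods call it before touching the row, so a hidden button is never the only thing standing between a user and someone else's resource.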