Authentication Security

I've been tinkering with my own user authorisation and providing user roles based on a database entry for my users.

I made two roles; a user role which is just a general, signed up user, and an author role, which is obviously for an author.

In my users table migration, I'm using $table->string('role')->default('user');.

In my User.php, I set up two public functions that call the role database entry in my users table, like so:

    public function isUser()
    {
        // A guest has no role at all.
        if (Auth::guest()) return false;

        // Compare with ===, do not assign with =: a single '=' here would
        // overwrite the in-memory role attribute with a boolean.
        return $this->role === 'user';
    }

    public function isAuthor()
    {
        if (Auth::guest()) return false;

        return $this->role === 'author';
    }

Which I can now call in my templates, like so:

    @if($user->isUser())
        ...
    @endif

    @if($user->isAuthor())
        ...
    @endif

This gives me the control I expect, but I'm not entirely sold on the fact 'it's that easy'. I understand that yes, I can create a relationship with the User and bind the relationship between two models, but I found this pretty neat. My only worry on this is security.

This may not be best practice by a long shot, but I'm fairly new to Laravel and was wondering what security implications doing it the way I have done vs. other methods available.

My last questions are: should I want to provide Route filters, can I do this using my method implemented above, and should I be using before anywhere to check the current user's role before I load a view?

Any thoughts would be much appreciated!

Many thanks, James.

Last updated 3 years ago.

If this method works for you there is nothing wrong with it. Definitely if a whole page is blocked unless the user is an author then use filters. If it is just sections on the page there is nothing wrong with checking within the view.

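The reply recommends a filter for whole pages and a view check for sections. Below is an added example of both, written for this thread rather than taken from it or from Laravel's own source. It assumes Laravel 4.x conventions (Eloquent model in app/models/User.php, filters registered in app/filters.php, routes in app/routes.php, a `role` string column on `users`); the filter name `role`, the `hasRole` method and the route paths are invented for illustration. The security point the question hints at is that the check is only as trustworthy as the column it reads, so `role` must never be writable from request input: keep it out of `$fillable` and do not unguard the model around registration, otherwise a sign-up form could post role=author.

```php
<?php
// app/models/User.php (Laravel 4.x style; added example, not the poster's code)
class User extends Eloquent
{
    // Only these columns may be filled from request input. 'role' is
    // deliberately absent so a registration form cannot set it.
    protected $fillable = ['name', 'email', 'password'];

    // Compare (===), do not assign (=). The role column is the single
    // source of truth for authorisation decisions.
    public function hasRole($role)
    {
        return $this->role === $role;
    }

    public function isAuthor()
    {
        return $this->hasRole('author');
    }
}

// app/filters.php
// A parameterised 'before' filter: 'role:author' passes 'author' as $value.
// Guests are sent to login; logged-in users without the role get a 403.
Route::filter('role', function ($route, $request, $value) {
    if (Auth::guest()) {
        return Redirect::guest('login');
    }

    if (! Auth::user()->hasRole($value)) {
        App::abort(403, 'Forbidden');
    }
});

// app/routes.php
// Whole pages that require the author role live behind the filter, so the
// rule is enforced server-side regardless of what the view shows or hides.
Route::group(['before' => 'role:author'], function () {
    Route::get('posts/create', 'PostsController@create');
    Route::post('posts', 'PostsController@store');
});

// In a Blade view, for hiding just a section of an otherwise public page
// (display only; the routes above still enforce the rule):
//
//   @if (Auth::check() && Auth::user()->isAuthor())
//       <a href="{{ URL::to('posts/create') }}">Write a post</a>
//   @endif
```

The filter runs before the controller, so a user who guesses the URL of an author-only page never reaches the action. The Blade check is purely cosmetic: removing a link does not remove the route, which is why the same role test has to exist on the server side as well.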


DevJMD devjmd Joined 19 Jan 2015


Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2025 Laravel.io - All rights reserved.