Laravel allows us to specify auth for entire controllers as well as individual methods. My question relates to displaying data in views based upon auth status.
For instance, a view that shows basic member details with more detailed information being shown to logged in users.
echo $name
echo $city
if($user_logged_in)
echo $email
endif
That could also be handled back in the controller method by loading a completely different view for users based on auth status. The views are essentially the same so you have some DRY issues there I guess.
Also, the route/controller as a whole is not protected based on auth status since the decision on what to display is made after the controller and method are invoked.
So sometimes routes, controllers and views don't fit neatly into auth/guest roles as a whole but partially.
Now I'm wondering if handling this in the view is best practice and what are the pitfalls, or is it a matter of individual style?
User permissions is the ideal approach when dealing with partial views. Something like:
@if ($user->hasAccess('admin'))
@include('admin.dashboard')
@endif
Sentry is the most popular package to implement user permissions in Laravel.
The package should be updated to L5 in a few days.
Thanks.
I find myself doing this kind of thing quite often. Therefore I'm wondering if I'm falling into a common error in allowing data to be displayed in the view based upon auth status. That is, should I have a different application structure that simply points users to views that are entirely suitable for their auth status.
Any pointers would be appreciated.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast