Laravel Breeze started development in 2011 as a package to provide a main set of functionality around user Login. More recently it has been folded in as the main approach to Laravel User Login and authentication as a "Starter Kit". The default set of views around this are based on blade styled with tailwind.css. In [...]
Category: Security
This section describes how to make your application secure while allowing users in specific roles to access specific areas of your application.
Modifying the Navbar to allow for User Login Links
Create a new file in resources\views\layouts called navAuth.blade.php and use the following code:
<ul class="nav navbar-nav pull-right">
    <li><a href="#register">Register</a></li>
    <li><a href="#Login">Login</a></li>
    <li><a href="#Logoff">Logoff</a></li>
</ul>
Now modify your parent view - resources/views/layouts/app.blade.php - and add in the line highlighted in red below in order to pull in the new login links on your navbar. Now when you view the [...]
Using the Logged in User's ID within your Application
Now that we have the ability to log in, there are things that we can do with the user's login information to improve the user experience and ease of use of the application in relation to certain use cases within the application. Once the user has logged in, it should no longer be necessary for the [...]
Using the Logged In User's ID to Create a Booking
Now that we have done the hard work of making a relationship at both database and object level between the Users and Member tables, the next step is relatively straightforward. Open the file resources/views/booking/fields.blade.php. Find the code we added previously which created a dropdown list of members - as follows We can now remove this [...]
Roles and Permissions - Step 1 - Using Roles and Permissions to Secure your System
As the systems you build become more sophisticated, you will find it necessary to implement more elaborate security based on the different roles the users of your system are acting in. In the tennisclub example we have been using, there could reasonably be a number of roles, including System Admin, Club Secretary, Club Coach and [...]
Roles and Permissions - Step 2 - Creating a Simple UI to Create and Assign Roles and Permissions for Spatie - Laravel-permission
In the last post we installed Laravel-permission. This package provides us with database tables and an API to store and manage roles and permissions. Unfortunately, this still leaves us having to write a significant amount of code in order to assign users into roles and assign permissions to roles. Rather than doing all this through [...]
Roles and Permissions - Step 3 - Assigning Multiple Permissions to a Role
We now need to repeat the process we went through in the last post for the permission table. Let's start with scaffolding the permissions table:
php artisan infyom:scaffold permissions --fromTable --tableName=permissions
Next, remove the guard_name from \resources\views\permissions\show_fields.blade.php and from \resources\views\permissions\fields.blade.php. Now you can go ahead and create new permissions. Permissions could include such functions as [...]
Roles and Permissions - Step 4 - Integrating the assignRoles and assignPermissions into the UI
Having created the functionality and created routes for it, it's a relatively straightforward process to integrate this into the existing UI. The current roles screen, which was generated by the scaffolder, has three icons on the right side of the line for each role. One to view the role, one to edit the role [...]
Roles and Permissions - Step 5 - Enforcing the Permissions
Having set up the roles and permissions, all that remains is to enforce the permissions. There are a number of ways of doing this; it can be done in the constructor method of the controller, for example. The more popular and straightforward way is to add permissions to routes in web.php. The term middleware is [...]
Roles and Permissions - Step 6 - Using Roles to Control what the User Sees on Login
Once you get your permissions set up and working you can use the Laravel @can directive to check whether a user, once logged in, has permission to access a certain page or area of the site. If they don't have permission they can be given an error and re-directed. In addition to this Spatie adds [...]