Skip to main content

Laravel 5.4 (and 5.5) native User Authentication + Role Authorization

A very brief step-by-step of how to implement a native Laravel 5.4 user authentication + role authorization.
Starting from a fresh Laravel 5.4/5.5 installation,
run the php artisan to create the Auth resource:
    

  1. $ php artisan make:auth
    2.
Create the Role model and respective migration (-m parameter):
    

  1. $ php artisan make:model Role -m
    2.
Edit CreateRolesTable class in the migrations folder:
    

  1. public function up()
    2. 

  2. {
    3. 

  3.   Schema::create(‘roles’, function (Blueprint $table) {
    4. 

  4.     $table->increments(‘id’);
    5. 

  5.     $table->string(‘name’);
    6. 

  6.     $table->string(‘description’);
    7. 

  7.     $table->timestamps();
    8. 

  8.   });
    9. 

  9. }
    10. 

  10. public function down()
    11. 

  11. {
    12. 

  12.   Schema::dropIfExists(‘roles’);
    13. 

  13. }
    14.
Create a new migration for the role_user pivot table :
    

  1. $ php artisan make:migration create_role_user_table
    2.
Edit CreateRoleUserTable class in the migrations folder:
    

  1. public function up()
    2. 

  2. {
    3. 

  3.   Schema::create(‘role_user’, function (Blueprint $table) {
    4. 

  4.     $table->increments(‘id’);
    5. 

  5.     $table->integer(‘role_id’)->unsigned();
    6. 

  6.     $table->integer(‘user_id’)->unsigned();
    7. 

  7.   });
    8. 

  8. }
    9. 

  9. public function down()
    10. 

  10. {
    11. 

  11.   Schema::dropIfExists(‘role_user’);
    12. 

  12. }
    13.
Now let’s provide a many-to-many relationship between User and Role
Open User model and add the following method:
    

  1. public function roles()
    2. 

  2. {
    3. 

  3.   return $this->belongsToMany(Role::class);
    4. 

  4. }
    5.
Do the same with Role model:
    

  1. public function users()
    2. 

  2. {
    3. 

  3.   return $this->belongsToMany(User::class);
    4. 

  4. }
    5.
It’s time to create some seeders to add roles and users in the database:
    

  1. $ php artisan make:seeder RoleTableSeeder
    2. 

  2. $ php artisan make:seeder UserTableSeeder
    3.
Edit RoleTableSeeder class (database/seeds/ folder) adding the following code in
run() method:
    

  1. use Illuminate\Database\Seeder;
    2. 

  2. use App\Role;
    3. 

  3. class RoleTableSeeder extends Seeder
    4. 

  4. {
    5. 

  5.   public function run()
    6. 

  6.   {
    7. 

  7.     $role_employee = new Role();
    8. 

  8.     $role_employee->name = employee’;
    9. 

  9.     $role_employee->description = A Employee User’;
    10. 

  10.     $role_employee->save();
    11. 

  11.     $role_manager = new Role();
    12. 

  12.     $role_manager->name = manager’;
    13. 

  13.     $role_manager->description = A Manager User’;
    14. 

  14.     $role_manager->save();
    15. 

  15.   }
    16. 

  16. }
    17.
Do the same with UserTableSeeder class:
    

  1. use Illuminate\Database\Seeder;
    2. 

  2. use App\User;
    3. 

  3. use App\Role;
    4. 

  4. class UserTableSeeder extends Seeder
    5. 

  5. {
    6. 

  6.   public function run()
    7. 

  7.   {
    8. 

  8.     $role_employee = Role::where(‘name’, employee’)->first();
    9. 

  9.     $role_manager  = Role::where(‘name’, manager’)->first();
    10. 

  10.     $employee = new User();
    11. 

  11.     $employee->name = Employee Name’;
    12. 

  12.     $employee->email = employee@example.com’;
    13. 

  13.     $employee->password = bcrypt(‘secret’);
    14. 

  14.     $employee->save();
    15. 

  15.     $employee->roles()->attach($role_employee);
    16. 

  16.     $manager = new User();
    17. 

  17.     $manager->name = Manager Name’;
    18. 

  18.     $manager->email = manager@example.com’;
    19. 

  19.     $manager->password = bcrypt(‘secret’);
    20. 

  20.     $manager->save();
    21. 

  21.     $manager->roles()->attach($role_manager);
    22. 

  22.   }
    23. 

  23. }
    24.
Edit DatabaseSeeder class (database/seeds/ folder) adding the following code in
run() method:
    

  1. public function run()
    2. 

  2. {
    3. 

  3.   // Role comes before User seeder here.
    4. 

  4.   $this->call(RoleTableSeeder::class);
    5. 

  5.   // User seeder will use the roles above created.
    6. 

  6.   $this->call(UserTableSeeder::class);
    7. 

  7. }
    8.
Almost done! Don’t give up! ^^
Open User model and add these three tiny methods:
    

  1. /**
    2. 

  2. * @param string|array $roles
    3. 

  3. */
    4. 

  4. public function authorizeRoles($roles)
    5. 

  5. {
    6. 

  6.   if (is_array($roles)) {
    7. 

  7.       return $this->hasAnyRole($roles) || 
    8. 

  8.              abort(401, 'This action is unauthorized.');
    9. 

  9.   }
    10. 

  10.   return $this->hasRole($roles) || 
    11. 

  11.          abort(401, 'This action is unauthorized.');
    12. 

  12. }
    13. 

  13. /**
    14. 

  14. * Check multiple roles
    15. 

  15. * @param array $roles
    16. 

  16. */
    17. 

  17. public function hasAnyRole($roles)
    18. 

  18. {
    19. 

  19.   return null !== $this->roles()->whereIn(‘name’, $roles)->first();
    20. 

  20. }
    21. 

  21. /**
    22. 

  22. * Check one role
    23. 

  23. * @param string $role
    24. 

  24. */
    25. 

  25. public function hasRole($role)
    26. 

  26. {
    27. 

  27.   return null !== $this->roles()->where(‘name’, $role)->first();
    28. 

  28. }
    29.
Open app/Http/Controllers/Auth/RegisterController.php and change the create() method to set a default Role for new Users:
    

  1. use App\Role;
    2. 

  2. class RegisterController ...
    3. 

  3. protected function create(array $data)
    4. 

  4.   {
    5. 

  5.     $user = User::create([
    6. 

  6.       'name'     => $data['name'],
    7. 

  7.       'email'    => $data['email'],
    8. 

  8.       'password' => bcrypt($data['password']),
    9. 

  9.     ]);
    10. 

  10.     $user
    11. 

  11.        ->roles()
    12. 

  12.        ->attach(Role::where('name', 'employee')->first());
    13. 

  13.     return $user;
    14. 

  14. }
    15.
Run the migrate command with seed parameter. Next time you login, each user should have a role.
    

  1. $ php artisan migrate:fresh --seed
    2.
Finally the final step!
Now, all you need to do is call the User authorizeRoles() method inside your Controller Actions or Middlewares and pass an array with the user roles you want to grant access.
    

  1. class HomeController extends Controller
    2. 

  2. {
    3. 

  3.   public function __construct()
    4. 

  4.   {
    5. 

  5.     $this->middleware('auth');
    6. 

  6.   }
    7. 

  7.   public function index(Request $request)
    8. 

  8.   {
    9. 

  9.     $request->user()->authorizeRoles(['employee', 'manager']);
    10. 

  10.     return view(‘home’);
    11. 

  11.   }
    12. 

  12.   /*
    13. 

  13.   public function someAdminStuff(Request $request)
    14. 

  14.   {
    15. 

  15.     $request->user()->authorizeRoles('manager');
    16. 

  16.     return view(‘some.view’);
    17. 

  17.   }
    18. 

  18.   */
    19. 

  19. }
    20.
After this point, just proceed with the normal development flow. Build a interface CRUD to manage roles and assign them to the users.
Source: Medium
Labels:

Comments

Post a Comment

Popular posts from this blog

15 Movies That Made Audiences Leave The Theater

15 Movies That Made Audiences Leave The Theater : Source:  Screenrant Forking over an hour or two of pay makes going to see a film a burden on the wallet, even if theater chains maintain that it's cheaper than ever to go to the movies. Most moviegoers want to see a film they know they will enjoy to avoid throwing away their hard-earned cash, so when movies sometimes leave audiences feeling disgruntled, disgusted or even ill enough to walk out, it's a big deal. Even some of the staunchest movie-goers who refuse to leave the theater for any reason sometimes find themselves walking out of a production for the strangest excuses. Whether or not the theater will refund tickets paid for movies that upset or sicken audiences, hundreds of people have walked out of startling films for plenty of reasons. Sometimes it's mind-boggling. For those who wanted a scary movie, why bail when it gets too scary? Whatever happened to turning your head? Then there are the people who never re...
Post a Comment
Read more

Why you should watch movies and TV shows with subtitles on

Lately I've been watching more movies and TV shows with subtitles on. And I'm really into it. It started out of necessity. Too often I'd find myself missing what somebody was saying on the screen, especially during those quiet-but-crucial moments in movies and shows. Adding subtitles negated the need for rewinding over and over again. But when I kept the subtitles on, even when I didn't need to rewind for that moment I missed, I found myself catching more details than ever before. I was learning character names, and their proper spellings. I was catching important lines said off-screen. I was catching song lyrics. Reading the words on screen gave me a new level of comprehension, even for shows or movies I've seen more than once. I could actually see the names of diseases, and medicines, and procedures while watching medical dramas. Plots became generally easier to follow. And I grew an appreciation for shows that were well-written — seeing the script for ...
Post a Comment
Read more