Hello! Recently I started learning Laravel and decided to start writing a blog for this purpose. The blog already has a user authentication system (out of the box), the output of articles and the form for writing them.

@if (Auth::loginUsingId(1)) //где 1 - id администратора <li><a href="{{url('/createpost')}}">Создать статью</a</li> @endif

With this code, this user simply authenticated automatically when entering the page, and it was impossible to exit. It seems I understood this method a little wrong and use it incorrectly. Please tell me the solution to the problem. Thanks in advance.

  • If you do not beautifully and not correctly try checking @if(Auth::user()->id == 1) - for this, the model must have access to the table field, see the $fillable property. But still I advise you to figure it out and do it right - Vlad
  • Thank you for the answer, I did the verification as you wrote, it may not be beautiful and not correct, but at least the verification has worked, it already pleases! :) I will try to better deal with this topic later, thanks again! - Dust0

3 answers 3

Yes, the method you tried to use is designed to log in by ID , but not for verification.

In order to organize the verification of user rights , you need to assign these rights to him, and here you have two ways, write your bike , or use one of the ready-made solutions .

If you write yourself, make a table of rights and a model for it, associate them with the user using eloquent links, and freely check whether rights are assigned to the user anywhere. You can peep the example implementation in the first pack.

Or use one of the packs:

A more basic option that supports direct binding rights to the user.

The option is more complicated with assigning rights to a role, and the role is already in turn assigned to the user.

  • Thanks for the help - Dust0
  • @ Dust0 If one of the answers you think is correct, mark it as an answer. - Vlad

I advise you to use Policies that come out of the box.

  • Thanks for the help - Dust0

As I understand you need an admin system, if so, create middleware

 php artisan make:middleware Admin

And add it to the handle function.

 if (Auth::check() && Auth::user()->isAdmin()) { return $next($request); } return redirect('/home');

Also create a controller

 php artisan make:controller AdminController

Open this controller and replace with this code.

 namespace App\Http\Controllers; use Illuminate\Http\Request; class AdminController extends Controller { public function __construct() { $this->middleware('admin'); } public function index() { return view('admin.home'); } }

After go to

app \ http \ Kernel.php

and add the line 'admin' => \App\Http\Middleware\Admin::class, to protected $routeMiddleware 'admin' => \App\Http\Middleware\Admin::class, we get something like this:

 protected $routeMiddleware = [ 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'can' => \Illuminate\Auth\Middleware\Authorize::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'admin' => \App\Http\Middleware\Admin::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, ];

Open app \ User.php and add a function

 public function isAdmin() { return $this->admin;//в таблице users обязательно должно быть колонка `admin` }

You also need to add the admin column in the users table or in the folder

datebase / migrations / create_users_table.php

after $table->string('password'); add $table->integer('admin')->nullable(); and execute the php artisan migrate command

Open routes / web.php

and add this Route::get('/admin', 'AdminController@index');

Create in resoures / views /

admin / home.blade.php // insert any text inside the file.

In the database, give yourself the admin panel and follow the link you-app.dev/admin will show your text in admin / home.blade.php or redirect back to you-app.dev/home. This is the case if you need a panel for the administrator.

if you just want to restrict the rights, create an admin column in the users table and

app / User.php

Insert

 public function isAdmin() { return $this->admin;//в таблице users обязательно должно быть колонка `admin` }

Here you have a restriction, and you can check the rights like @if (Auth::user()->isAdmin())

  • I would not recommend considering this option, it is only suitable if it is necessary for yesterday and there is confidence that there will be only one role in the system (admin). If you later need to add some more access options, you will have to rewrite a lot of code ... Already faced with a similar implementation . And unnecessary elevation of the user table is also not the best option, it is often the most ponderous. - Vlad
  • Thank you for your reply, I will try to figure it out! - Dust0