Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Laravel 5 new auth: Get current user and how to implement roles?

I am currently experimenting with the new Laravel 5 and got the authentication to work (register/login).

To get the authenticated user in my controller I currently inject Guard into the controller action:

use App\Http\Controllers\Controller;
use Illuminate\Contracts\Auth\Guard;

class ClientController extends Controller {

    /**
     * Display a listing of the resource.
     *
     * @return Response
     */
    public function index(Guard $auth)
    {
        return view('client.index', ['user' => $auth->user()]);
    }
...

First Question: Is this the recommended way?

Second Question: How would I go about implementing some kind of roles/permissions? Something like client.edit, client.add, ... Does Larval 5 offer some kind of convenience here? How would I set the necessary role/permission for a route/controller action?

I am thinking that I might need to write my own middleware for that. Any suggestions on how to approach the problem?

like image 662
cgross Avatar asked Dec 19 '14 18:12

cgross


People also ask

How can we implement authentication in Laravel also explain how it works?

Authentication is the process of identifying the user credentials. In web applications, authentication is managed by sessions which take the input parameters such as email or username and password, for user identification. If these parameters match, the user is said to be authenticated.

How do I authenticate a user and admin in Laravel?

Just run php artisan make:auth and php artisan migrate in a fresh Laravel application. Then, navigate your browser to http://your-app.test/register or any other URL that is assigned to your application. These two commands will take care of scaffolding your entire authentication system!


1 Answers

After spending some more time on Laravel 5 I can an answer my own question:

Is injecting Guard the recommended way? No: If you need to access Auth in your view, you can do so already like this:

@if( Auth::check() )
    Current user: {{ Auth::user()->name }}
@endif

This uses the Auth facade. A list of all available facades is in config/app.php under aliases:

What if I need Auth in my controller? Injecting an instance of Guard like shown in the question works, but you don't need to. You can use the Auth facade like we did in the template:

    public function index()
    {
        if(\Auth::check() && \Auth::user()->name === 'Don') {
            // Do something
        }
        return view('client.index');
    }

Be aware that the \ is needed before the facade name since L5 is using namespaces.

I want to have permissions/roles using the new auth mechanism in L5: I implemented a lightweight permission module using the new middleware, it is called Laraguard. Check it out on Github and let me know what you think: https://github.com/cgrossde/Laraguard

UPDATE: For the sake of completeness I want to mention two more projects. They provide everything you need to save roles and permissions in the DB and work perfectly together with Laraguard or on their own:

  • https://github.com/caffeinated/shinobi
  • https://github.com/romanbican/roles
like image 103
cgross Avatar answered Oct 10 '22 04:10

cgross