Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Laravel access authenticated user in global scope

Tags:

php

laravel-5.3

I have a multi-user application with the following entity/model relationship.

User belongs to a Company and has many SupportTicket

Users of one company should not have access to the support tickets of other companies - if a user of one company navigates to a url pointing to a support ticket of another company, they should receive a 404 or something equivalent.

I was hoping to define a global scope in the SupportTicket class as follows: 

class SupportTicket extends Model {

    protected $fillable = ['company_id'];

    public static function boot() {
        static::addGlobalScope('ofCompany', function(Builder $builder) {
            $authUser = auth()->user();

            $builder->where('company_id', $authUser->company_id);
        });
    }

}

The benefit of a global scope is that it will apply to all queries. Other developers working on the project need not work when retrieving tickets as the right results will always be returned.

For example SupportTicket::all() or SupportTicket::find(5) will always restrict access by user's company.

The challenge I have now is that auth()->user() always returns null as the authenticate middleware has not yet been run.

  1. Is there a way around this?
  2. Has anyone here faced a similar problem and if so how did they go around it?
  3. Is it possible to access the authenticated user in the boot method where the global scope is registered?

Many thanks in advance for any and all responses.

like image 762
biblicalPH Avatar asked Sep 28 '16 17:09

biblicalPH

3 Answers

Laravel 5.6.26 introduced Auth::hasUser() to determine if the current user is already authenticated without querying the User model in your database. You can find more details at https://laravel-news.com/laravel-5-6-26

So you could do something like this:

static::addGlobalScope('ofCompany', function(Builder $builder) {
    if( auth()->hasUser() ){
        $builder->where('company_id', auth()->user()->company_id);
    }     
});
like image 105
maelga Avatar answered Oct 08 '22 17:10

maelga

You can check inside the boot method if there's an authenticated user using \Auth::check() before calling \Auth::user(). If the Auth middleware is wrapping routes or the controller itself then you can access the authenticated user anywhere using the facade \Auth::user()

like image 32
Fabio Ferreira Avatar answered Oct 08 '22 18:10

Fabio Ferreira

If you are using Tymon's JWT Auth package, you can get auth user like this

$authUser = \JWTAuth::parseToken()->authenticate();
like image 20
Sašo Kovačič Avatar answered Oct 08 '22 17:10

Sašo Kovačič
Sign in to Comment

Related questions

Symfony ignore AppleDouble
paginated api request, how to know if there is another page?
Force refresh of modified JS & CSS file in cakephp
Need suggestions on using Entrust roles in a single resource controller - Laravel5
Why use dotenv library instead of parsing ini file?
Any equivalent to subprocess in PHP?
Generating Crystal Report via PHP Hangs
Laravel 5.2 not showing form validation errors [duplicate]
How to set umask for php5-fpm on Debian?
Request is empty laravel ajax multiple images
bigint truncated via PDO?
Comparing only the selected value in loop to avoid error message
For an abstract function, should the phpdoc be defined for the abstract function, the implemented function, or both?
PHP returning array with requirements done
How to Paginate Multiple Models in Laravel
How to scroll div contents vertically in a loop like news feed in php page
Upload text file to Google uploads via PHP FTP PUT
Format a number with grouped thousands on Y-Axis in graph using chartist.js
Cake Php paginator issue
Use all images from my default store on my new store view

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!