stackoom
  简体   繁体   中英

Check users role Laravel

 原文  2018-08-07 11:31:03       php/ laravel/ authentication/ laravel-5.2

Question

After a user enters his credential and tries to login and after the user is found, we have a siterole table that will be checked, if the role that the user selected is found in the database "where userID=request and roleType = request" then the login is successful otherwise it fails due to choosing the wrong user role. The code is simple: 

$findrole = $request->role;
$user_id = Auth::user()->id;

$userrole =  DB::table('siterole')->where('role_id' ,'=',$findrole)->where('user_id' ,'=', $user_id)->get();
 if(!empty($userrole)) {
 make it login
}
   else{
redirect it with a fail login
  }

By failed login I mean no session should be set, where I tried this code was in 

vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php

BUT when the "role_id" is not found for that "user_Id", the user is logged in and redirected to the wrong page! Edit the function Im putting my code in is this : public function login(Request $request) { 

    $this->validateLogin($request);

    $throttles = $this->isUsingThrottlesLoginsTrait();

    if ($throttles && $lockedOut =         $this->hasTooManyLoginAttempts($request)) {
        $this->fireLockoutEvent($request);

        return $this->sendLockoutResponse($request);
    }

    $credentials = $this->getCredentials($request);




    if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {

      //MYCODE GOES BETWEEN THESE LINES

   if its not empty return the below code      
        return $this->handleUserWasAuthenticated($request, $throttles);

    }

    if ($throttles && ! $lockedOut) {
        $this->incrementLoginAttempts($request);
    }

         //if its empty return to this section

    return $this->sendFailedLoginResponse($request);

}

2 answers

solution1
 0  2018-08-07 14:22:04

Auth::user()->id returns the user id only when you are authenticated. In line 2 of your example code, when you are creating the $user_id variable you are not authenticated yet so it will always be null. You'll need to get the user_id another way.

solution2
 0 ACCPTED  2018-08-08 11:11:23

Found the solution, so where i was putting my condition is where laravel already returned a login = true, so i cant do anything.

that attemp() is actually attempting the login which is located in :

vendor\\laravel\\framework\\src\\Illuminate\\Auth\\SessionGuard.php

now in attemp function we dont have access to our request but we can pass the User type i call it (role) in function getCredentials which is located in :

vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Auth\\AuthenticatesUsers.php Step 1: 

protected function getCredentials(Request $request)
{
    //sending role as credential too
      // my input name was role 
    return $request->only($this->loginUsername(), 'password','role');
}

Now since we passed it in attemp() , its the 2nd array of our credentials BUT we have to unset it from the main credentials because laravel will create a where clause for each key in array : Step 2 

  public function attempt(array $credentials = [], $remember = false, $login = true)
   {
     //get the user roll to check if the user has the same role 
    //else kill him #Stormspirit
    $user_role = $credentials['role'];
   //as laravel make the where clause for every field we unset it from the array
   unset($credentials['role']);

    $this->fireAttemptEvent($credentials, $remember, $login);

    $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);

    // If an implementation of UserInterface was returned, we'll ask the provider
    // to validate the user against the given credentials, and if they are in
    // fact valid we'll log the users into the application and return true.
    if ($this->hasValidCredentials($user, $credentials)) {
      //user credential was valid check the role part
        $userrole_finder = DB::table('siterole')->where('role_type',$user_role)->where('user_id',$user->id)->get();

        if($userrole_finder==[]) {

            $login = false;
            return false;
        }
        if ($login) {
            $this->login($user, $remember);
        }

        return true;
    }

All set! dont forget to add use DB; check your user role table and if it was empty make the login false and return false that would do the rest and u will see laravel's invalid credential error.

You can implement this for user type I just called it role.you can also put the user type in a session in handleUserWasAuthenticated function in AuthenticatesUsers.php , exact location described above 

 protected function handleUserWasAuthenticated(Request $request, $throttles)
    {
        session(['user_role' => $request->role]);
        if ($throttles) {
            $this->clearLoginAttempts($request);
        }

        if (method_exists($this, 'authenticated')) {
            return $this->authenticated($request, Auth::guard($this->getGuard())->user());
        }

        return redirect()->intended($this->redirectPath());
    }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Filter Users by role Laravel Get all users with role in Laravel How to select users based on the role that they have in Laravel 5? Is it possible to select users with admin role or moderator in Laravel? Laravel 5.2 Get all users with Role (Entrust) Laravel 5.2: How to change users' role? Laravel: Get only users with 'user' role from users table Creating a drop down list in laravel to select a users role - laravel Laravel 5.5 - Check checkbox if role has permission how to assign a hasMany role check in Laravel
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM