Best solution for three types of users

8

I'm getting started with MVC frameworks, using Laravel 5.3.

I have 3 very different types of users, OperadoresDoSistema, AnunciantesDoPortal and ClientesCompradores, who can view the ad. Each has its sessions, its dashboards, login and other resources in isolation.

Reading the documentation, I only find authentication generated for a single simple type of User. What is the best solution to create authentication for all 3 types?

  • Modify this Users table, integrating it with the 3 roles?

  • Modify the Laravel generator for this purpose by creating 3 User-type tables?

  • Manually authenticate myself, supported by Guards and Auth?

Is the best way to use external packages?

Is this a good practice?

I've read this post, but it did not solve the problem:

I've seen this video too, but it seemed to subvert Laravel:

Which is the best solution? What is Laravel's way?

    
asked by anonymous 28.10.2016 / 13:33

1 answer

4

Since Laravel 5.2, multi-authentication has been made simple (I am pretty sure that in 5.3 the system remains the same). In this case we have two types of users to authenticate (admin and client), but it can be scaled to more:

config/auth.php:

...
'guards' => [ // add more types of users to authenticate here
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
    'admin' => [
        'driver' => 'session',
        'provider' => 'admin',
    ],
    'client' => [
        'driver' => 'session',
        'provider' => 'client',
    ],
],

'providers' => [ // add more types of users, and their respective models, to authenticate here
    'admin' => [
        'driver' => 'eloquent',
        'model' => App\Admin::class,
    ],
    'client' => [
        'driver' => 'eloquent',
        'model' => App\Client::class,
    ],
],
...

Controller/method responsible for Admin authentication, in this case the login form POST:

// requires "use Illuminate\Support\Facades\Auth;" at the top of the controller
public function admin_auth() {
    // attempt() expects an associative array keyed by column name
    $credentials = array('email' => request()->email, 'password' => request()->password);
    // note that the guard given here is one of those defined in config/auth.php
    if(!Auth::guard('admin')->attempt($credentials, request()->has('remember_me'))) {
        return redirect('/'); // authentication failed
    }
    return redirect('/admin/dashboard'); // authentication succeeded
}

Then on the route /admin/dashboard, and other routes where you need to be authenticated, either client or admin:

Route::group(['middleware' => ['guest']], function() {
    // reaching this route means the user is authenticated, so go to the dashboard home
    Route::get('/admin/dashboard', 'AdminController@home_dashboard');
});

In the middleware RedirectIfAuthenticated we can have:

// requires "use Closure;" and "use Illuminate\Support\Facades\Auth;" at the top of the middleware
public function handle($request, Closure $next, $guard = null) {
    // list here the user types with authenticated routes, i.e. the guards defined in config/auth.php
    $guards = array('admin', 'client');
    // adjust as needed: in this case the guard is the first URL segment,
    // e.g. http://exemplo.com/admin/... or http://exemplo.com/client/...,
    // so $guard will be admin or client depending on what follows ...com/
    $guard = $request->segment(1); // null when the URL has no segments
    if(in_array($guard, $guards, true)) {
        if(Auth::guard($guard)->check()) { // check whether this type of user (guard) is authenticated
            return $next($request); // success: run the code defined for the route (controller/method)
        }
    }
    return redirect('/'); // user not authenticated, redirect
}
    
28.10.2016 / 14:14
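
As an added example (not part of the answer above and not Laravel's own code): a route middleware that takes the guard from the route definition, e.g. `requireGuard:admin`, instead of from the first URL segment, and fails closed on an unknown guard. The class name `RequireGuard` and the alias `requireGuard` are hypothetical; the guards are the ones defined in config/auth.php above.

```php
<?php
// app/Http/Middleware/RequireGuard.php
// Added example: the class name and the 'requireGuard' alias are hypothetical.
// Register it in app/Http/Kernel.php under $routeMiddleware:
//     'requireGuard' => \App\Http\Middleware\RequireGuard::class,
// and name the guard on the route group:
//     Route::group(['prefix' => 'admin', 'middleware' => 'requireGuard:admin'], function () {
//         Route::get('dashboard', 'AdminController@home_dashboard');
//     });

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RequireGuard
{
    // Guards allowed to protect routes; keys from config/auth.php above.
    const GUARDS = ['admin', 'client'];

    public function handle($request, Closure $next, $guard = null)
    {
        // The guard is fixed in the route definition, so the request URL
        // cannot influence which guard is checked.
        if (!in_array($guard, self::GUARDS, true)) {
            // Misconfigured route: fail closed instead of skipping the check.
            abort(500, 'Route protected with an unknown guard.');
        }

        if (!Auth::guard($guard)->check()) {
            if ($request->expectsJson()) {
                return response('Unauthorized.', 401);
            }
            // Remember the requested URL, then send the visitor to '/'
            // (the same redirect target the answer uses).
            return redirect()->guest('/');
        }

        // Make Auth::user() and Auth::check() resolve against this guard
        // for the rest of the request.
        Auth::shouldUse($guard);

        return $next($request);
    }
}
```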