Multi auth with different login forms
OK I don't know if what I'm trying to do is possible or sane.
As we know Laravel comes with a built in authentication system linked to the users table.
However, in my application I have users (in other words, administrators) and I have customers.
A customer would never be an administrator, and an administrator would never be a customer.
What I would like are two separate database tables, one for users and one for customers.
Furthermore, I would like two completely different login screens for users and customers. I want to style them differently, and the users login screen would redirect to an administration dashboard and the customers login screen would redirect to some other page for registered customers.
What I'm trying to do seems nigh on impossible with Laravel's built in auth system. There are various packages and questions on Stack Overflow that address some, but not all, of the above requirements.
I'm seriously thinking of just creating my own authentication system, even if there is a bit of replication between users and customers, but I'm wondering if there is a better way whilst sticking with Laravel's native authentication system?
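The setup the question asks for (two tables, two independently styled login screens, two redirect targets) is what Laravel's native guards and providers are for, and it needs no package. The following is an added example rather than code from the question or from Laravel's own scaffolding; the model name `App\Models\Customer`, the guard name `customer`, the view names and the `/customer/...` paths are all assumptions. The administrator side keeps the stock `web` guard and `users` table untouched.

```php
<?php
// Added example (not from the original post). Two session guards backed by two
// tables: 'web' -> users (administrators), 'customer' -> customers.
// Assumed names: App\Models\Customer, guard 'customer', the views and paths below.

// ===== config/auth.php (fragment) =====
return [
    'defaults' => ['guard' => 'web', 'passwords' => 'users'],

    'guards' => [
        // Administrators ("users" in the question): unchanged stock guard.
        'web'      => ['driver' => 'session', 'provider' => 'users'],
        // Customers get their own guard, so a customer session never satisfies
        // an admin auth check and an admin session never satisfies a customer one.
        'customer' => ['driver' => 'session', 'provider' => 'customers'],
    ],

    'providers' => [
        'users'     => ['driver' => 'eloquent', 'model' => App\Models\User::class],
        'customers' => ['driver' => 'eloquent', 'model' => App\Models\Customer::class],
    ],
];

// ===== app/Models/Customer.php =====
namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;

class Customer extends Authenticatable
{
    protected $table    = 'customers';
    protected $fillable = ['name', 'email', 'password'];
    protected $hidden   = ['password', 'remember_token']; // never serialise secrets
}

// ===== app/Http/Controllers/CustomerLoginController.php =====
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class CustomerLoginController extends Controller
{
    public function showLoginForm()
    {
        // A separate Blade template, styled independently of the admin login.
        return view('customer.login');
    }

    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required'],
        ]);

        // Authenticate against the customer guard only; the users table is never consulted.
        if (Auth::guard('customer')->attempt($credentials, $request->boolean('remember'))) {
            // Rotate the session id on privilege change to defeat session fixation.
            $request->session()->regenerate();
            return redirect()->intended('/customer/home');
        }

        // One generic message: do not reveal whether the e-mail address exists.
        return back()
            ->withErrors(['email' => 'These credentials do not match our records.'])
            ->withInput($request->only('email'));
    }

    public function logout(Request $request)
    {
        Auth::guard('customer')->logout();
        $request->session()->invalidate();       // drop the whole session
        $request->session()->regenerateToken();  // new CSRF token as well
        return redirect('/customer/login');
    }
}

// ===== routes/web.php =====
use App\Http\Controllers\CustomerLoginController;
use Illuminate\Support\Facades\Route;

Route::get('/customer/login', [CustomerLoginController::class, 'showLoginForm'])->name('customer.login');
Route::post('/customer/login', [CustomerLoginController::class, 'login'])
    ->middleware('throttle:6,1'); // slow down credential guessing on this form
Route::post('/customer/logout', [CustomerLoginController::class, 'logout']);

// Only an authenticated *customer* session passes; an admin logged in via 'web' does not.
Route::middleware('auth:customer')->group(function () {
    Route::get('/customer/home', fn () => view('customer.home'));
});
```

The admin login keeps using `Auth::guard('web')` (the default) and `auth` middleware, so the two flows share nothing but the framework. One thing to check after wiring this up: Laravel's `Authenticate` middleware sends unauthenticated guests to the application's single login route by default, so its redirect logic has to be taught to send guests of the `customer` guard to `/customer/login` instead of the administrator form, otherwise customers who are not logged in land on the wrong screen.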
For your setup two tables are fine, probably better. Whether you use the built-in Auth or custom, it's still RBAC.
I had one in a custom framework; now I kind of use Laravel's and a blend of my own together.
For example, for a user (customer in your case) to see their own data only:
    if ($userid === Auth::user()->id) {
        // allow whatever here
    }
And role checking:
    // $userrole is the stored comma-separated role string, e.g. "admin,bookkeeper"
    public static function verifyRole($role = null, $userrole = null)
    {
        // cast so explode() never receives null; trim stray spaces around each role
        $checkrole = array_map('trim', explode(',', (string) $userrole));
        // strict comparison avoids PHP type juggling between strings and numbers
        if (in_array($role, $checkrole, true)) {
            return $role;
        }
        return false;
    }
Just examples, and still a work in progress. You also have to handle admins. But I am still working out the best way to verify a role and allow something if the user role matches the required role for a method.
- Example: an accounts method has a required role of bookkeeper.
- Logged in user has roles of admin and bookkeeper.
As long as the "bookkeeper" role matches, then all is good.
In my case an admin cannot fumble with bookkeeping. So a user with a role of admin only can't be messing around with bookkeeping.
Viewing is okay, but no adding, editing.
But any RBAC system can be and is tricky at first to set up right; it takes a little trial and error.
Even Jeffrey says there are several ways and can be tricky, but if thought out not too bad.
I would not use a package. Many here suggest a package right away. If you know programming well and understand roles, it's not needed. And many times the package is harder than just programming it.
Many times, the permission part can be absorbed in the query.
Like an admin can view all posts, but a user can just see and edit their own. So working out roles with some queries can handle quite a bit.
In Laravel the route is one place to check stuff, but me, I like checking this stuff right at the controller method.
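The role check sketched in this answer works, but two details matter for an access decision: `in_array` without its third argument uses loose comparison (in PHP before 8.0, `in_array(0, ['admin'])` is true because `'admin'` converts to `0`), and returning the role string rather than a boolean makes every caller depend on truthiness. The block below is an added example, not the answer's own code, that keeps the answer's scenario (an accounts method requires `bookkeeper`; an account holding only `admin` may view but not add or edit) while comparing strictly and denying by default. The role names, the action names and the `roles` column read from the user are assumptions.

```php
<?php
// Added example, not code from the answer above. Hardened version of the
// comma-separated role check: strict comparison, deny-by-default, and one
// requirement map per action so "view" and "update" can differ.
// Assumptions: role names 'admin'/'bookkeeper', the action names, and that the
// user record carries a "roles" string such as "admin,bookkeeper".

final class BookkeepingGate
{
    /** Roles accepted per action. Actions not listed here are denied outright. */
    private const REQUIRED = [
        'view'   => ['admin', 'bookkeeper'], // an admin-only account may look ...
        'create' => ['bookkeeper'],          // ... but not add, edit or remove
        'update' => ['bookkeeper'],
        'delete' => ['bookkeeper'],
    ];

    /** Turn a stored "admin, bookkeeper," string into a clean, de-duplicated list. */
    public static function rolesFrom(?string $stored): array
    {
        $roles = array_map('trim', explode(',', (string) $stored)); // null-safe
        $roles = array_map('strtolower', $roles);
        $roles = array_filter($roles, 'strlen');   // drop empties from trailing commas
        return array_values(array_unique($roles));
    }

    /** True only when the user holds at least one role accepted for this action. */
    public static function allows(string $action, array $userRoles): bool
    {
        $accepted = self::REQUIRED[$action] ?? null;
        if ($accepted === null) {
            return false; // unknown action: fail closed
        }
        foreach ($userRoles as $role) {
            if (in_array($role, $accepted, true)) { // strict: no type juggling
                return true;
            }
        }
        return false;
    }

    /** Controller-side guard: throwing means a forgotten check cannot silently pass. */
    public static function authorize(string $action, array $userRoles): void
    {
        if (!self::allows($action, $userRoles)) {
            throw new RuntimeException("Forbidden: $action on bookkeeping");
        }
    }
}

// Constructed role strings reproducing the answer's two accounts.
$adminAndBookkeeper = BookkeepingGate::rolesFrom('admin, bookkeeper');
$adminOnly          = BookkeepingGate::rolesFrom('admin');

foreach (['view', 'create', 'update', 'delete', 'export'] as $action) {
    printf("%-6s admin+bookkeeper=%s admin-only=%s\n",
        $action,
        BookkeepingGate::allows($action, $adminAndBookkeeper) ? 'allow' : 'deny',
        BookkeepingGate::allows($action, $adminOnly) ? 'allow' : 'deny');
}
```

Inside a Laravel controller method, as the answer prefers, the call would be `BookkeepingGate::authorize('update', BookkeepingGate::rolesFrom(Auth::user()->roles))` at the top of the method (the `roles` attribute is the assumed column); `RuntimeException` can be swapped for Laravel's `abort(403)` there. The `export` action in the loop is not in the map on purpose: it shows that an action nobody thought about is denied rather than allowed.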