Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

HarryN's avatar

Switching between User roles in AuthController.php

Hey all,

For my website I currently have three user roles ["admin", "contractor", "user"]

On my register page I have two radio button's that allow the user to select which account type they wish to create an account for. I feel the way I have coded the logic that switches validation logic etc is messy and was wondering if anyone would have any tips on how to improve it.

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    /**
     * Where to redirect users after login / registration.
     *
     * @var string
     */
    protected $redirectTo = '/';

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => 'logout']);
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        $rules = [
            'user' => [
                'first_name' => 'required|max:40',
                'last_name' => 'required|max:40',
                'email' => 'required|email|max:255|unique:users',
                'password' => 'required|confirmed|min:6',
                'type' => 'required'
            ],
            'contractor' => [
                'first_name' => 'required|max:255',
                'last_name' => 'required|max:255',
                'contractor_name' => 'required|max:255',
                'email' => 'required|email|max:255|unique:users',
                'password' => 'required|confirmed|min:6',
                'type' => 'required'
            ]
        ];

        $data['type'] = (isset($data['type']) && in_array($data['type'], [2,3])) ? $data['type'] : 3;

        if($data['type'] == 2) {
            return Validator::make($data, $rules['contractor']);
        } elseif($data['type'] == 3) {
            return Validator::make($data, $rules['user']);
        }
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        if($data['type'] == 3) {
            $user = User::create([
                'first_name' => $data['first_name'],
                'last_name' => $data['last_name'],
                'email' => $data['email'],
                'password' => bcrypt($data['password']),
            ]);
            $user->assignRole('user');
        } elseif($data['type'] == 2) {
            $user = User::create([
                'first_name' => $data['first_name'],
                'last_name' => $data['last_name'],
                'contractor_name' => $data['contractor_name'],
                'slug' => str_slug($data['contractor_name']),
                'email' => $data['email'],
                'password' => bcrypt($data['password']),
            ]);
            $user->assignRole('contractor_name');
        }
        return $user;
    }
}

Thanks!

0 likes
3 replies
bobbybouwmann's avatar
bobbybouwmann
9 years ago
Best Answer
Level 88

It looks like you are updating the forms with javascript. I think you can update your rules to this

 $rules = [
    'first_name' => 'required|max:255',
    'last_name' => 'required|max:255',

    // Note the sometimes rule here
    'contractor_name' => 'sometimes|required|max:255',
    'email' => 'required|email|max:255|unique:users',
    'password' => 'required|confirmed|min:6',
    'type' => 'required'
];

The sometimes rule will only be fired when that field is available. So when you select a contractor you would probably show that field so it should then be parsed for validation.

Documentation: https://laravel.com/docs/master/validation#conditionally-adding-rules

You can probably get away with creating the user like so. Note that it is important to correctly fill in the $fillable array in your user model.

protected function create(array $data) 
{
    $user = User::create($data);

    if($data['type'] == 3) {
        $user->assignRole('user');
    } elseif ($data['type'] == 2) {
        $user->assignRole('contractor_name');
    }
        
    return $user;
}

You might also want to add a default role to the user. If the type is not 3 or 2, what will then happen?

HarryN's avatar

Thanks for your reply @bobbybouwmann!

I like the idea of using sometimes for the validation rule - but am I right in saying that if a visitor signed up as a user but added the contractor_name input field i.e using dev tools then he would have added data to a column he should not have access to?

bobbybouwmann's avatar

@Haryke that would be true indeed, the same works for any other column. However the rule is based on the fields the user has. So let's say a user with the role user would never access that field right? So in that case it wouldn't matter.

If you really want to keep this separated I would suggest to create different forms for each role. Then you can keep each role separate from each other.

Please or to participate in this conversation.