I will try to briefly describe the problem. I created a system to manage ventilation devices. From the roughest perspective, a Laravel user owns several groups of devices and, once logged in, may control them. The authorization is then plainly user-wise in several places, including authorizing for Pusher channels.
Now, I would like a user to be able to generate a URL (valid for some defined period of time) giving access to one or several groups of devices to the URL's owner, let's call him a guest. The question is: at that level of abstraction, is it possible to find and implement some existing package?
At first I was thinking about how to achieve this goal while keeping the authorization unchanged, so as not to modify the code extensively. That's where I arrived at the idea of a subset of a user (as in the title). Would it be possible to (based on the URL with some hash) inject reduced user privileges into the session data? I mean, the guest owner of the URL can't modify the user info, can't change the password; he should just be able to see and control selected groups of devices, hence the idea of a subset of user privileges. Any ideas are welcome.
You could create a randomised user account (the details of which you don't need to show the user) then create a signed URL to an endpoint where someone with the correctly signed URL is automatically logged in.
Question: Do they really need to be logged in to review the devices?
Question: how will you get this secure email to the user? If it is by email then why not create a user account using their email?
Question: Do they really need to be logged in to review the devices?
Not at all. But thinking about minimizing the code changes, I assumed the easiest path would be to create some kind of "virtual" user and then use all the authorization stuff as for a regular user, with minor additional changes to select the groups allowed.
Question: how will you get this secure email to the user? If it is by email then why not create a user account using their email?
This suggestion is really reasonable, but it involves an action where a regular user creates a user account. To me (still not an expert on Laravel) that might sound a bit risky. Maybe unnecessarily!
The general story in a nutshell. Consider a school with 20 classrooms. The master janitor has access to the whole system. Then some teacher says: "Hey, I'd like to tune the ventilation in my classroom". I thought the easiest way would be to generate a URL, which the user adds to favs and uses without any additional actions. That should be as painless as possible, since air is something people take for granted (at least in my country) and I can't bother them with additional effort ;).
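The signed, time-limited link suggested in the answer and the "groups allowed" restriction from the reply can live in one URL. The following is an added example, not code from any poster in this thread: plain PHP with a constructed key, host and group ids, showing the mechanism that Laravel's built-in `URL::temporarySignedRoute()` and `signed` middleware provide for the signature and expiry part.

```php
<?php
declare(strict_types=1);

// Constructed values for illustration; a real key comes from configuration.
const SIGNING_KEY = 'constructed-demo-key-not-for-production';
const BASE_URL    = 'https://ventilation.example/guest';

/** Build a guest link limited to $groupIds that stops validating at $expires. */
function makeGuestUrl(array $groupIds, int $expires): string
{
    sort($groupIds);
    $query = http_build_query(['groups' => implode(',', $groupIds), 'expires' => $expires]);
    return BASE_URL . '?' . $query . '&signature=' . hash_hmac('sha256', $query, SIGNING_KEY);
}

/** Return the group ids the link grants, or null if it was altered or has expired. */
function allowedGroups(string $url, int $now): ?array
{
    $raw = parse_url($url, PHP_URL_QUERY);
    if (!is_string($raw)) return null;
    parse_str($raw, $params);
    $sig = $params['signature'] ?? null;
    if (!is_string($sig) || !isset($params['groups'], $params['expires'])) return null;
    // Recompute the MAC over exactly the signed fields and compare in constant time.
    $signed   = ['groups' => $params['groups'], 'expires' => $params['expires']];
    $expected = hash_hmac('sha256', http_build_query($signed), SIGNING_KEY);
    if (!hash_equals($expected, $sig)) return null;
    if ((int) $params['expires'] < $now) return null;
    return array_map('intval', explode(',', $params['groups']));
}

/** Per-request check: the guest may touch a device only if its group is in the link. */
function guestMayControl(string $url, int $groupId, int $now): bool
{
    $groups = allowedGroups($url, $now);
    return $groups !== null && in_array($groupId, $groups, true);
}

$now  = 1700000000;                          // constructed timestamp
$link = makeGuestUrl([7, 12], $now + 3600);  // constructed group ids, one hour validity
var_dump(guestMayControl($link, 7, $now));           // group named in the link
var_dump(guestMayControl($link, 3, $now));           // group not named in the link
var_dump(guestMayControl(str_replace('groups=7', 'groups=3', $link), 3, $now)); // edited link
var_dump(guestMayControl($link, 7, $now + 7200));    // same link after expiry
```

A link like this is a bearer credential and, being stateless, cannot be revoked before `expires` without rotating the key; storing a per-link id server-side and checking it on each request is one way to add revocation.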