Unlimited Plugins, WordPress themes, videos & courses! Unlimited asset downloads! From $16.50/m

Next lesson playing in 5 seconds

  • Overview
  • Transcript

2.3 Setting Up Security

In the previous lesson, we started working with our database schema, we created a pages table to store our content. And now we just need to focus on the permission aspect. We want to be able to control what a user can and cannot do within our application. So we can approach this in a couple of different ways. The first way is to rely upon a third party package and that is a viable solution. And in a real world scenario, you might want to do that. But it's also a good idea to understand how these types of systems are implemented at least at a basic level. So that if you do have to roll your own, you have an idea of where to start. So that's what we are going to do in this course. Starting in this lesson, we are going to, create two tables for managing the permissions of a user. So what we are going to essentially have is a three table system where we have our users, we have our roles, and then we have a table that's going to link the users and the roles together. So some people call this a LinkingTable and really that's the only term that I've heard use, but I'm sure that there are others. So we already have the users table that was created in the previous lesson by Laravel itself. All we did is run the migration and we were good to go. So when it comes to the Roles table, this is a very simple table where we just have an id. And then we have the name of the role. We could also have a description if we wanted to go that far, but we're just gonna stick with the id and the name. So there's not gonna be any other information here, it's just a table that contains the roles that our application is gonna use. And then the linking table, which we're going to call Role_User is going to have an id. It's going to have the role_id, and then the user_id. So each record within this table Is going to have the role and the user that that role is assigned to. And this is probably the most common way to approach a role based permission system. So we just need to implement these things. Let's go to the command line and we're going to start by, Using artisans scaffolding feature because the authentication aspect, the user registration and authentication is already built in. All we need to do is just add that. So it makes sense to go ahead and do that because eventually we're going to need this stuff. Now with Laravel 6, all of the auth scaffolding has been placed inside of an external package that we have to require with composer. It's called a Laravel/ui. And we will of course need to bring that in with composer. Now it might seem strange that the authentication scaffolding is in a package called UI, but if you think about it, there's a lot involved with authentication. And especially coming from Laravel 5 where we just ran the make auth command, that gave us controllers that gave us views and it was primarily views that it provided. So in this particular case, it does kind of make sense that all of the authentication scaffolding is in a package called UI. That's just how it is, that's how we have to go with it. So now, we get to use artisan to essentially scaffold the UI, but we also need to specify a JavaScript framework and in this case, I'm going to use vue. Believe react is another option if you wanted to go that route. And the reason being is because there are some JavaScript components that we can use with our ui that are already built in. But in our particular case we do want to make sure to specify auth that way we get all of the views necessary for our authentication. But we're not done unfortunately, we of course need to install all of the node packages because all of our CSS and everything else is actually needing to be compiled. So the first thing we will do is install all of our node packages. Then we will run the dev command so that it will compile all of our client side assets and most importantly, the CSS because without it, well, our website's not going to look very nice. And of course, that's just as simple as saying NPM run Dev. We of course need to wait for this to completely compile. But once it's done, we are good to go. If you're curious as to what that did. If you go to the app, and then HTTP and then controllers, we now have this Auth folder, and then the controllers there. If you go to the resources, views, there's now this auth folder that has the views for our auth. So as far as creating users, logging them in, we don't have to worry about that that's automatically done for us. And that is a huge relief, at least in my opinion. So now we just need to focus on, creating those other two tables, our roles and our role user. So the first thing is we need a model for our role because that is how we are going to access the roles within our system. So, we're going to say php artisan make:model. I'm gonna call it roll and we will let this create a migration for us. And then let's go ahead and create another migration since we're here at the command line, and this will be for the role user table. So we will say php artisan make:migration and create_role_user_table. And we will just hop on over to our code editor and we will make some changes here because we of course want to add our fields to those tables. So let's go to the migrations folder. We now have two new migrations. Let's start with the roles table. And we will add simply the name field here. So this is going to be a string, and that's pretty much it as far as we are going to do. If you wanted to have a description, and things like that, then you could do that. But we're going to keep things simple. And as far as this particular migration is concerned, we're done. So let's close that. Let's go to the create role table. And this is also going to be very simple. We are going to add two new fields, one for the role id, the other for the user id. So these are integer values, and it will be roll_id. And we'll just copy and paste, make the change to user_id there and that's it for that migration. And so now let's go to our models, because there is a relationship between our user and the roles. So we are going to kind of do what we did in the previous lesson where in the user model we created this pages method. We're going to do the same thing for roles except that this isn't going to be a has many relationship. So we will say public function roles and we will return this and we are going to say belongsToMany, and then we will specify App/Role. And then we will just create the inverse relationship. So let's just copy that because that's all we really need to do except change the name of the method. So inside of our role, class we will then say users belongsToMany, and then the model classes the user class. Now later on, we might want to add a few other methods to our user class. So that we could check to see if a user is in a given role. Like for example, let's just go ahead and do that since we're here. Let's have a method called hasAnyRole so that we can pass in an array of roles. And then we will just check to see if the user is in any of these roles. So we will return and we want to check our roles. So we will say this roles and we're going to use whereIn the name is in the roles that was passed. We don't really care, as long as we have something here. So if first returns an actual record, then the user is in that role. But if it returns null, then the user is not in any of the provided roles. And that is good enough for me. Let's just copy and paste that and we will call this method has role so that we pass in a single role. So that's our query is going to be simply where, the name is equal to role and we will do the same thing. If it returns a record then that users in the role. If not, then the user is not in that role. And that will give us an easy way to check if a user is in or isn't in a role. So now let's just seed our database because we have some tables already out there. Well, we haven't migrated those yet but let's go ahead and write some seeders. So let's go to our command line php artisan make:seeder and we're going to create one for the Userstable. So we'll call this UsersTableSeedars. And we will do the same thing for our rolls as well. This way we will have some data to start with and, there we go. So let's go to our database folder. Inside of the seeds folder we now have the database seeder, which was there to begin with. But now we have the roles, table, seeder and the UsersTableSeeder. So let's start with our roles. Let's go ahead and use App/Role so that we can use that role class here because it makes it a whole lot easier. We first of all want to truncate because whenever we seed our database, we essentially want to start fresh. So we're going to truncate which is going to take everything out of the roll table if it exists, and then we want to create our roles. So we will say roll and then create. And let's just have a few rolls. The simpler the better. Of course in a real application, we might have a ton of rolls, but for development purposes, the more simple, we have, the better we have. So let's have an admin. Let's have an editor. And let's have an author. And that's really all that we need. So now let's go to our UsersTableCedar. And we are essentially going to do the same thing. We're going to see the users table with some users but we're also going to attach some roles to those users, so let's use App/User. Let's also use App/Roll. And let's get two of our roles. Let's get the adminRole, which we will use Roll and then where name is going to be equal to admin. And we'll get the first one there. And then let's also get just the authorRole. And we will get the one with the name, author. So we have those two roles. Let's create two users. The first one is going to be the admin. But of course here we want to truncate the user table as well. So let's go ahead and call the truncate method. And then we will create our admin User. So we will say User create, then we're going to pass in the data for this user. So we'll say the name is going to be Admin, the email address, it really doesn't matter because we're not going to be doing anything with the email addresses. So let's say admin@admin.com and then the password. Let's just make it password but we want to encrypt this. So we're going to say bcrypt and then password. So there is our admin user. Let's go ahead and copy this for our other user, let's just call this user Joe. So we will have Joe his name will be Joe. The email address will be joe@joe.com, and the password can be password as well but then we need to attach our roles. So our admin is going to have the adminRole, that just makes sense. So we're going to use our roles method. We are going to attach the adminRole. And then for Joe, we will use the authorRole. So we will attach authorRole. And then we just need to migrate our database and then run the seeder. Although we do need to go to our database seeder, because we need to specify that we have some seeder classes here. Now we have the UsersTableSeeder already here but we want to run multiple seeders we want to run not only the user, but as well as the RollsTableSeeder as well. So we're going to pass in an array. The first one needs to be our rolls because if you'll remember whenever we seed our users table, we are using data from the rollsTable. So we need to seed rolls first so we will say roll and then class. And then UsersTableSeeder class although we need this TableSeeder. And then we can migrate and run the cedars. So let's go to the command line, php artisan migrate and everything migrated. If it had an error, of course there would be an error here, but we did everything correctly. So we're good to go there. And then we're going to say php artisan db:seed, and that's going to seed although we have an issue RollTableSeeder does not exist and that is because that should be RollsTableSeeder. So let's run the seed again. And it helps if you spell roll correctly and I probably did. Yeah, there we go. So, if I do one thing wrong once I typically know that I have done it wrong multiple times, so yeah, I'm sure you were screaming at the screen saying you idiot and yes I am. So let's run the seeder again, there we go. Let's look at the data now. So we can go to our Tables. Let's Refresh we now have the roles. Let's look at them. We have our three roles, admin, editor, author. If we look at the users, we will see our two users. We have our admin and Joe and then we look at the role_user. And we will have the records there. So our first record, has a role id of 1 that's the admin, and then the user id of 1 that's the admin_user. Then we have the second record, the role_id, that is the author role. And then the user_id, which is 2, which is our Joe user. So we have set up our database for permissions. We implemented a three table solution, one for the users, one for the role, and then a linking table to link those two together. And we also added some methods to our user class, so that we can easily check if a user is in a given role.

Back to the top
View on GitHub