Assign roles to users, creating and editing users - EP9 - Laravel 8 User Login and Management System

Captions
Now we have the basics of our delete method in place, we're going to look at how we can do our edit and create pages. Just before we get started on this, I'm going to rerun the migrations and seeds on this application so we have a fresh set of data. So over in my terminal I'm doing a php artisan migrate:refresh --seed. That reruns all our migrations and our seeds, so we have a fresh set of data in our database. You can see now we're back down to 10 random users, and our pagination's gone because we've only got 10 users in the system.

So for our create and edit pages, they're mostly going to be sharing the same form input fields, so we're going to look at a method of including Blade partials so that we can write that code once and then use it in both of the create and edit pages. Now, we could also create a Blade component for this, but there's a good reason why I'm not going to, because of how components and includes work, and I'll explain when we reach that point why I'm using an include and not a component for this part of the project.

The first thing I'm going to do, I'm going to copy the register form over for our create method. At the moment, if we hit create we just go to a blank page, because we've got nothing in there. So over in our user controller, and that's on the app/Http/Controllers/Admin user controller, I'm just going to return a view here that I've not created yet, but we'll create that next. We're going to do a return, and we want to return a view, and I'm going to put this under admin, like my other view files, and also into the users. I'm going to call it create. And now we need to pass down all of our roles to this create view, so the admin can select which roles he wants to give to the user. So let's open up an array here, I'm just going to call it roles, and then I'm going to pass down the Role model, and I'm going to say get all of the roles. That way, in our view we can now loop over the roles and display them out to the admin.
But to save some time on this, because there's no point in us typing it out again, I'm just going to grab our registration form and then copy it over into this create form. Down under the root of our project, in resources, views, and then we're going to go into the auth folder, I'm just going to copy this register.blade.php file. I'm going to put that under admin, I'm going to paste it into users, and I'm going to call that create. So I'm going to do this create form here now in this Blade file and get it working, and then we're going to abstract it away into a separate include file so we can reuse it for the edit.

Go up here in the title, I'm just going to change this to Create New User, and then we're going to post, and the action is going to go to our admin route, so we're going to go to admin.users.create. We want to keep our CSRF token in there, and we can leave in the name here. We can also leave the email address, and we're going to leave the password for now, but this may be not best practice, because if the admin has to create the password for the user then the admin has to send it to the user somehow. It's probably going to be in plain text, and it's probably not best for security. For later in the series, I'll actually be removing this part of the form for the create method, and we'll set up a path for the user, but when our admin manually registers this user we'll send them an email with a password reset link and then they can set their own password. But for now we're just going to leave it in here, so the admin can create the password when they create a user. We're not going to be making use of the password confirm field, so I'm just going to get rid of that.

And then finally, just to keep our styling consistent, we're going to wrap this form in a card, and we styled that card in one of the earlier videos. So just above the form here I'm going to create a div with a class of card and then just move that closing div tag down to the end of the form here. Let's take a look at this in the browser.
Okay, so we now have our create form here, so the admin can put in the name, email address and password for the user, but there's no way for them to select the roles. So in our view we want to loop over all our roles that we passed down from the controller and show them out to the admin in checkboxes. So over in our form, and I'm just going to do this towards the bottom, underneath the password section, I'm just going to create another div here, keeping the style consistent with the inputs above, and I'm going to give that a class of mb-3. And then inside of here we're just going to loop over our roles, so I'm going to do a foreach. I'm going to say for each of the roles that we've passed down, as role, and then I'm just going to close that off with endforeach.

And inside of here I'm just going to print out each of them roles with a checkbox. So I'm going to do a div here with the class of form-check, and then inside of here we can just create the input for the form. I'm going to give this a class of form-check-input, and then for the name, and this is the name that we're passing through to the controller so we can pick this up and insert it into the database, we're going to say roles, and we're going to make this an array. This is so the admin can pass back multiple roles if they want to apply multiple roles to this user. I'm just going to break this down on a new line to make it easier to read, and tab it in. And this is going to be a type of checkbox. We're going to give this a value, and the value is going to be the current role within this foreach loop and its id.

Now for accessibility purposes we're going to give this input an id. I'm going to put this id equal to the current role and the current role's name, and this is so we can reference this now with the label. So just underneath here let's create a label. I'm going to give this a class of form-check-label, and we're going to say this label is for, and we're going to make it for the id above here, so we're going to 
say for role name. And then for the actual label's text, I'm just going to break this down onto a new line here, for the actual text we can just say role name. That'll just print out each of the checkboxes for the roles, given the value of the id, and then we'll have a label next to each of the checkboxes with the role's name.

I've just realized, up here at the top of the form I put the wrong route in here. We don't want to go to the create route, we want to go to the store route. Now we want to try and submit this form, but firstly I'm just going to do a die and dump on the request so we can see the data that's coming in. So over in our user controller again, I'm going to come down to the store method. I'm going to do a die and dump, and I'm going to die and dump on the request. Now let's jump over to our browser and submit this form. So I'm just going to register myself. I'm going to give the name of Mark, and I'm going to put in my own email address, and then for password I'm just going to do password, and then for the roles I'm going to select multiple roles so we can make sure that array is working. So we can do admin and author, and now let's just submit on this. And we can see the request comes through to that method in the user controller, and if we come under request and parameters we can see now we're passing in the name and the email address and our password. Also we have an array of roles, so we've selected the role ids of one and two, which in this system is the admin and author.

That's great, we have all the information we need. Now let's just save this to the database. So let's remove this dump here now, and we want to create the user, and I'm going to store this in a variable, and this is so I can apply the roles after we've created the user. So I'm just going to create a new variable called user, and this is going to equal a new instance of the User model. I'm going to call create, and then inside of this create method we just need to pass in our request. Then instead of saying get all we 
want to say except, so we want to get all of the fields coming in from the form except the token and the roles. Let's say except, and then this takes an array, and we want to say we don't want the token, and that is a CSRF token, and we don't want that because we don't have that column in our table, so it'll throw an error when we try and pass it in. And we also don't want to pass in our roles, and that's because our roles are not stored on our user table, and again this will cause an error message because it's trying to insert something into a column that doesn't exist. So that's our user created, and the next thing we want to do is apply the roles to our many-to-many relationship. That's all we need to do to create the user using the data being passed in from the create form.

There is a bit of a problem with this, and this is it'll save the password coming in in plain text into the database. Now obviously we don't want to do that, we want to store a hashed version. There's a feature in Laravel on the models called mutators, and what mutators do is they allow you to mutate the state of a given field on the model. So let me show you an example of this, and we'll mutate the password as it comes into the database. So under app, Models, User, I'm just going to come down, and then above the roles function here I'm going to create a new public function, and now the naming of this is important. We want to call it set, and then the name of the column, so it's Password, and then after the Password we say Attribute. This is how Laravel knows this is a mutator and we want to set the password field. So what we need to do now is just pass in that password, and then inside of here all we just need to do is set the password attribute on this model. So we can say this, attributes, we want to say the password field for this user model, we want to call Laravel's Hash, and we want to say we want to make a hash of the password attribute. What this does now, every time we save on the User model it's going to alter the password 
input to this value here, so it's going to do a hash. Now the reverse of this is what we call accessors in Laravel, and what they do, they allow you to modify fields coming out of the database. So I'm not going to be using them now at the moment, just to let you know you do have access to accessors as well as mutators, and I'll drop a link in the description to the documentation on how you can use those as well. That's all we need to do to hash that password, and now the next thing we need to do, now we've created that user, is to apply the passed-in roles to the newly created user. And just a word of warning here for the Hash::make method here: make sure that your IDE has pulled in the Hash facade, and if it hasn't, just scroll to the top and make sure that you use Illuminate\Support\Facades\Hash.

So back over in our user controller, now that we actually have that user model, we can say user and we can call our roles relationship. Well, if you remember in an earlier video, let's just take a look at this. So over in our project, if we come under app, Models, and then open up our User model, if we scroll down to the bottom we can see here we created a new function called roles, where we defined the many-to-many relationship. So we can actually now use this method on our user model, and this is the user model of this newly created user. We can say roles, so we want to call our roles relationship, and then we want to sync our roles. There's two methods you can use here. So you can use attach, and attach allows you to pass one id of a role in, so if you are only applying one role you could use attach, but because we're allowing users to have multiple roles we need to call sync. So on the end here we can pass sync, and then sync allows us to pass in an array. Now if you remember correctly, if we look at our die and dump still in the browser, you can see the roles are coming in as an array already, so that's perfect, we can just simply pass that into sync. So in here we can call the request and we 
want to say get us that roles array that we passed in from our form, and that's all we need. That'll sync our roles array from the selected checkboxes against that user in the database. And then finally, after we've done that, all we need to do is just return the admin back to the users index page. So we can say redirect, and we want to redirect to a route, and the route we want to go to, it's admin.users.index. So now let's try this out and refresh it in the browser. Let's just hit F5 here, and you can see that has now redirected us back to the users page, and because now we've got more than 10 users we've got our pagination back. So let's click two, and there we can see our newly created user in the database.

So inside of this edit form, it's going to be pretty much identical to the create form, so to save typing this code out twice I'm going to be using an include to include part of the form that they both share the same code with. Another method of doing this is creating something called a Blade component, and the main and biggest difference between creating an include and a dedicated Blade component: an include has access to all the variables on the current page, whereas a component only has access to variables that you manually pass into it. So for our use case an include is the better option, because that gives us access to all the variables, the roles and the user and any kind of validation errors, which we will be putting on in the next video.

So let's just take a look at how we can do this now. Over in the root of our project I'm going to come down to the resources, views, admin, users folder, and I'm going to create a new folder in here. I'm going to name this one partials. Now you can name this whatever you like, whatever makes most sense to you. You might just want to call it simply includes, but I'm going to go with partials. And then inside of this partials I'm going to create a new file, and I'm going to call this form.blade.php, and again you can give this whatever name you 
want. I'm just going to go with form for this. And then inside of here I'm just going to copy and paste that form we just created from the create view. So over in create, what I'm going to do is I'm going to copy everything from the button, and I'm going to go all the way up, and I'm going to copy up to the CSRF token. So I'm just going to cut that now out of my create file, and then over in my form.blade.php file I'm just going to paste that in here. Now back over in our create.blade.php file, I just need to come inside the form, I just need to say include, and we want to include our admin, and you can see here my IDE has filled the path out for me. We want to include the admin.users.partials.form, and then that includes in here the views, admin, users, partials, and then that form file we just created. Now let's jump over to our browser and take a look at our create page, and it should be exactly the same. So over in the browser I'm just going to click create, and we can see it's still exactly the same, it's included our form here.

So let's create our edit view now. Under views, admin, users I'm just going to copy the create.blade.php file, and I'm going to paste that in and rename it to edit. Now inside of here, instead of Create New User I'm going to change this to Edit User, and inside of here, instead of posting to the admin.users.store, we're going to post to the admin.users.update. And then we also need to tell Laravel that this is going to be a patch request, so inside of the form here we can do @method, and we want to say the method is a PATCH, and then we're going to keep the include of our partials form.

So inside of our user controller let's go down to our edit method, and then inside of our edit method, just like our create method, we want to return the view and pass down the roles. I'm just going to copy that line from the create method here, I'm just going to bring that down, I'm going to paste that into edit, and the only change we need to make here, instead of admin users create we want 
to go to admin users edit. So at the moment this form won't actually work, and this is because we need to pass down the old user information into this edit view, and this is because the form needs to know the user id that we need to edit. So as well as our roles here, I'm just going to break this down to a new line to make it more readable, and then as well as our roles we also want to pass down the user that we're trying to edit. And we can say User, and we want to find the first instance where the id we're passing in matches that user.

So now that we're passing this user model down, the last thing we want to do is on our edit form, let's pass it the user id. So back over in our edit.blade.php file, in our route here that goes into admin.users.update, as an extra parameter here we just want to pass in the user and their id, so then when we come to submit this form it knows what user id we want to update. So let's just take a look in the browser. Open our users, if we just click edit on this first user here, we now get our Edit User form, and this is using the same partial as the create form.

But obviously when we want to edit a user we need to pre-populate this form with the old data of the user we're trying to edit, but we can actually do that in the partial. So let's open up our form partial again. For each of our input fields we want to check whether a user model has been set, because for the create method it obviously isn't. So if there is a user model being passed down, then we want to output that data as the value. If we just scroll along here, on the end you can see already the value is set to the old name. Now I'm just going to break this down onto a new line, and then after here I want to say isset, and we want to say if a user model has been passed down then we know this is an edit form and there's going to be user data in it, and just do an endisset here to close it off. And then inside of here we want to say, if it is set we want to input the user's name. So let's 
have a look in the browser how this works. If we do a refresh here we can see it's now populated the name of our edit user with the name of the user we're currently editing. So we just need to do the same for the other fields. I'm just going to copy this isset here again, I'm going to come down to the email part, I'm just going to break this value down onto a new line, and then after the old value I'm going to do an isset user, and if there is a user model being passed down we want to display out that user's email.

Now for the edit I'm not going to be showing the password field, as we don't want the admins editing users' passwords. If a user wants a new password they can go through the password reset flow, which is much more secure. We can actually pass variables down to the include and then show parts of the form depending on that input, so let's just take a look at this. So over in our create.blade.php file, and my mistake here, I've just put this in the create view but we don't want it in the create view, we obviously want that in our edit view. So over in our edit view we want to make sure we put the patch in there. We're back over in our create view now. We want to pass in a second parameter, and this is an array, so in here we just want to create a variable called create, and I'm just going to set this to true. Now when we call this partial from the create Blade view we're going to pass in an extra variable that we don't pass in in our edit method. See, we don't have any extra variables here.

Now in our form partial we can actually check for the presence of that variable. So we can say isset, and we want to see if the variable create is set, and if it is then we'll just display out the password field. So if I just do an endisset here, now let's see how this works in practice. Back over in our application, if we just do a refresh on edit users you can see we're not setting that create variable, so the password input disappears. But if we go back to our users and we go to create, we are 
passing in that create variable, so it shows the password input. Now let's go back to our edit and focus on that. So I'm just going to edit the top user, and you can see we're populating the name and the email address but we're not populating the roles. Let's look at doing that next.

So for our roles, just like we did for our name and email, we want to check for the presence of the user model. Inside the checkbox, I'm just going to break this down to another line again to make it easier to read, and I'm going to say isset just like we did before. Now if the user model is set, then, just let's close this isset off, and then if the user is set we will want to check the user's roles, and we want to see whether it matches the current role id here. So what we want to do, we want to call the native in_array function here. We want to check if the current role id that we're looping over is inside of our user's roles array that's returned from the database. So we can say user, and then on our user model we want to get our roles relationship, and then because this is a collection we want to pluck out the ids, so we can say pluck, and then we want to say id, so get the ids out. And then finally, because it is a collection and this in_array method is expecting an array, we want to put on the end toArray, and that just converts it into an array. And then let's just scroll along a bit here and then just end that if. We're saying, if the current role id in this loop here is in the array from our user's roles from the database, if it is we want to mark this checkbox as checked.

So I understand that could be a bit to take in, there's quite a lot happening there. We're just checking whether the user model is set, and it will only be set for the edit form, not the create form. So if there is a user model, we want to go into that user model and we want to pluck all of the ids on the roles relationship, so this will return us an array of role ids, and then we're just checking if the current role id that we're 
looping over here for the checkbox is in that array. If it is, we're just going to mark it as checked. That's how we check whether the current checkbox has a role that's applied to the user from the database. And you've probably noticed here as well, I've dragged down the quotation marks from the id, so let's just remove them off the end and put them on the id again. So our input will now be marked as checked if the user does have that role. Let's have a look in the browser. We head over to our users, I'm just going to have a look at this user we created, and remember we gave them the admin and author role. So we just click edit on this, we can see it's filled in our name and email address like normal, but it's also checked the admin and the author roles.

The final thing we want to do is wire up our controller to listen for this submit button and then update the database. So over in our controller, if we come down to our update method, we can see we're bringing that request in and then also that user id that we added to our edit.blade.php file. The first thing we want to do in here is get that user, so we can do user, and we can set this equal to User, and we can say findOrFail, and then we just pass in the id. So if it can't find a user with that id, this will fail and it will return a 404 response to the user, so this just protects the application if anyone's trying to do something dodgy and try and delete users that don't exist.

The next thing we want to do, now we have that user model, is update it with our new information. So here we can just say user, and we can call the update method on this model, and then we can just pass in the request, and again we want to say except, and this takes an array, and we don't want to pass in the token and we don't want to pass in the roles. But I think you might actually be able to get away with just passing all in here, but it's better that we're just explicit, and we're saying don't pass in the token or the roles because our database doesn't have it. 
Then finally we need to sync our new roles that we've selected in the update onto our many-to-many relationship. So we can say this current user we're updating, we're going to call our roles relationship, and we want to sync on that, and we want to sync the roles that are coming in on this new request, so we want to request the roles. And then finally, once that's updated, we just want to redirect them back to the users index page. We can say return redirect, and we can redirect them back to the route of admin.users.index. Now let's try this out in the browser. With this user I'm going to take away their admin role. Now let's submit this. You can see it redirects us back to the users page, and if we go into page two and click edit we can see this user now only has the author role. That has updated successfully.

So that's our create and edit pages now working, so we can create new users and assign roles, and we can also edit existing users and assign them or remove roles. At the moment this form doesn't have any kind of validation on it, so in the next video let's look at some validation, and we'll also look at adding some flash messages. At the moment, when you edit or create a user there's no feedback to the user to actually know whether that's worked or not. Right now, if we just click submit, we're redirected back to the users page, but the user that's done that edit has got no idea whether it was successful or not, so we'll also look at adding in some flash messages.

If you like this, don't forget to hit that like button, don't forget to subscribe so you get future updates, and if you can support me by following me on Twitter, or if you can buy me a coffee on my Patreon, the links are in the description. That'll be much appreciated.
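The model and controller steps narrated in the captions, written out as an added example (a reconstruction for this page, not the video author's own code). It goes one step beyond the narration by using `$request->only()` allow-lists where the video uses `except(['_token', 'roles'])`; the `$fillable` list and the `App\Models\Role` class are assumptions.

```php
<?php
// Added reconstruction. In a Laravel 8 app these two namespaces live in
// app/Models/User.php and app/Http/Controllers/Admin/UserController.php.

namespace App\Models {

    use Illuminate\Foundation\Auth\User as Authenticatable;
    use Illuminate\Support\Facades\Hash;

    class User extends Authenticatable
    {
        // Assumption: Laravel's default fillable columns.
        protected $fillable = ['name', 'email', 'password'];

        // Mutator: runs whenever `password` is assigned, so the column only
        // ever receives a hash. Assign plain text only; assigning a value
        // that is already hashed would hash it a second time.
        public function setPasswordAttribute($password)
        {
            $this->attributes['password'] = Hash::make($password);
        }

        // Many-to-many relationship from the earlier episode
        // (Role model assumed to be App\Models\Role).
        public function roles()
        {
            return $this->belongsToMany(Role::class);
        }
    }
}

namespace App\Http\Controllers\Admin {

    use App\Http\Controllers\Controller;
    use App\Models\Role;
    use App\Models\User;
    use Illuminate\Http\Request;

    class UserController extends Controller
    {
        public function create()
        {
            return view('admin.users.create', ['roles' => Role::all()]);
        }

        public function store(Request $request)
        {
            // except() is a deny-list: every other submitted field reaches
            // create(), guarded only by $fillable. only() names exactly the
            // three inputs the create form renders.
            $user = User::create($request->only(['name', 'email', 'password']));
            // Default to [] so "no box ticked" is an explicit empty set.
            $user->roles()->sync($request->input('roles', []));

            return redirect()->route('admin.users.index');
        }

        public function edit($id)
        {
            return view('admin.users.edit', [
                'roles' => Role::all(),
                'user'  => User::findOrFail($id),
            ]);
        }

        public function update(Request $request, $id)
        {
            $user = User::findOrFail($id); // 404 if the id does not exist
            // The edit form hides the password input; leaving `password`
            // out of the allow-list enforces that on the server as well.
            $user->update($request->only(['name', 'email']));
            $user->roles()->sync($request->input('roles', []));

            return redirect()->route('admin.users.index');
        }
    }
}
```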
Info
Channel: Penguin Digital
Views: 17,884
Keywords: laravel, laravel 6, laravel 7, laravel 8, laravel 9, laravel 10, laravel login, php, php login, laravel roles
Id: p5ncbfc5Cr0
Length: 26min 48sec (1608 seconds)
Published: Wed Dec 02 2020