Protecting pages with Gates - EP11 - Laravel 8 User Login and Management System

Captions
So at the moment anyone can access any part of the application and do whatever they want. A user doesn't even have to be logged in at the moment, and you can edit, create and delete users, and then any user with any role can also do whatever they like. So in this video we're going to start putting the foundations in of checking users and then granting them or denying them access to certain parts of our application, and we're mainly going to be using a feature in Laravel called gates to achieve this.

So the first thing I'm actually going to do, before we do anything with gates, is just change this layout a bit. The reason for this is because I want this top bar with the login and register to show for all users, even if somebody's not logged in, so they can access the login and register links, obviously. But then these menu items here, I only want to show them if a user is logged in, and then further down the line I'll probably want to close off this users tab for, say, admins only. So what I want to do is separate these out onto two different lines, so let's do that first.

So over in our main.blade.php file, what I'm going to do is I'm just going to copy this entire navbar so we have two copies of it. Then in this second one I'm going to remove the logo, I'm going to keep the home and users links, and then I'm also going to get rid of the login and register, so I'll just leave the link to home and users on that second bar. Then obviously in this first menu we don't want to be showing them links, the home link and the users link, we want to get rid of those. And then finally I also want to get rid of this div here and its closing tag, so the login and register still sits on the right side of the screen.

Now let's take a look at this in the browser, and you can see now we have our two separate menu bars. We've got our links to the application here, and we have our logo and our login and register links on the top bar. We need to change the style of this a bit now because
obviously we put a margin bottom on the menu and also a drop shadow, so we just want to change this round a bit. So over in our app.scss file, and make sure you've still got your npm running in the background, so npm run watch, so it was going to watch for any changes. So I'm just going to create a new class here and I'm going to call this sub-nav, and this is going to be for the second navbar. Now I'm going to give this a background color of white, so we can just type that in, it's six f's for white, and I'm going to take the box shadow and the margin bottom off the top navbar. I'm just going to cut these out and then I'm going to paste them in to the sub navigation. And finally, because we're still going to be using the navbar class on the second one, so we inherit all the original styles from the navbar, we need to set a link color, because currently it's set as white and obviously that's not going to show very well on a white background. So just here in the sub-nav, let's say all of our links inside the sub-nav, we want them to have a color, we want the color to be our primary color that we set up in one of the first videos. Now we're just going to save on this and it's going to build.

Now we just need to apply this sub-nav class to our second menu over in main.blade.php. So we're going to come down to our second navigation bar, and after navbar here we're just going to add our new class sub-nav. Then we're just saving on that, and then let's look at this in our browser. Let's give this a refresh. Now you can see, there we go, that was much better, this is exactly what I wanted. So I've now got two menu bars and I can start controlling this menu bar so only logged in users can see it, and to do this we're going to be using gates.

Now there are already ways built into Laravel to check for a logged in user. You can do that on the Auth facade, for example, and there's a few other places that you can check it, but we're going to create our own gate from scratch for this because it's
quite a simple example to get your head around gates, and this will give you a good idea of how the gates are actually working before we go on to the more complex examples with checking our roles.

So we want to open up our AuthServiceProvider, and that is under app/Providers, and it's a file called AuthServiceProvider. You can see the top of the file here, it's already bringing in the Illuminate\Support\Facades\Gate, so we can now use that facade to start building up our gates. So if we just scroll down to our boot method, after here, now we can just call that Gate facade and we want to define a new gate, so we can call define and then we can give this gate a name. Now you can call this whatever you like, it's just something that's going to be easy for you to remember, because these gates, we can use them anywhere in our application. We can use them in our views and we can also use them in our controllers or our middleware, literally anywhere in the application you can use this gate, so you can control entire parts of your application and the code is only ever in one place.

So for example, this gate, we'll probably not want to change it, but maybe further down the line you're going to create a gate to allow access to a certain part of the website, and then maybe further down the line you may want to change that to add another user group in to access that. You'd only have to change it in this one place in the AuthServiceProvider, and then that'll cascade down through all your views, all your controllers and everywhere else that you call the gate, so it's a really powerful feature.

So I'm just going to call this one logged-in, and then as a second parameter this takes in a closure, and I'm going to pass in the user, and then inside of this controller I'm simply just going to return back the user. So what this does now is, if there is a user it's going to return him, if there isn't a logged in user it's actually just going to return null, so the gate is going to fail if you check against it. So let
me just show you an example of this. So over in the user controller, and I'm going to come down to just the index page for now. Now we want to check if there is a logged in user using that gate, so we can say if, and then we can call Gate. Now remember, if the IDE hasn't pulled this in automatically for you, make sure at the top that you call use Illuminate\Support\Facades\Gate. And then on this Gate there's a method called denies, and what this does is it checks whether the gate is returning a null or a false, and if it is, that means it's true. So it's saying, does this gate deny, and in our case if there's no logged in user it's going to equate to true, so that if will be triggered. So we can say, call our logged-in gate that we've just created, and if this does equate to true then let's just die and dump and say no access allowed. Obviously this is just an example, you wouldn't really die and dump, you'd probably redirect to something.

So now let's just try this in the browser. So we're already on our index users page in the admin panel, and as you can see here we've got no logged in user because it's currently showing the login link. Now let's try and refresh on this page. You can see there, now we get our die and dump. So it's gone to our gate and it's saying, does this deny, so does this gate equate to returning a false or a null, and if it does, just die and dump out. And that's how you can check gates, whether it's going to be returning a true or false, and then allow or deny access through.

If I just head over to the create page, you can see that still allows us through without a logged in user, because we're only doing that check on the index page currently. So let's actually just try and log in now. So now we're logged in, let's try and go to our users page, and you can see now we do pass that gate check, so it doesn't die and dump out and it allows us to carry on through the application.

So the good thing about using these gates now, like I said previously, is we can use them anywhere. We can use them in
our views, so let's now apply that to our sub navigation bar here. So over in our main.blade.php file, I see our sub navigation here. So now what we want to do is call a Blade directive called can, so we can do @can, and then we want to say, can the current logged in user pass the gate called logged-in, and if they can, display this out, if they can't then don't display it out, and then at the end of it we just do an @endcan. Now everything inside of here will only display if the user passes the logged-in gate that we just created.

So let's see this in practice now. Let's just do a refresh here. You can see now we've got a logged in user, this navigation bar does show. Now let's hit the log out here, and now the user's logged out that navigation bar disappears, so only logged in users can see the home and the users link. So let's log in now to get that menu bar back. You can see now we're logged in, we have our sub navigation bar back.

So just because we're hiding the UI element, that doesn't mean that it blocks access to the rest of the application still. So for example, if we go to our users create page here, we can access it as a logged in user, but if we just click the log out button and then we go back to that users create page, so it's /admin/users/create, we can still access that page. Even though obviously our sub navigation isn't showing, the actual URLs are still accessible.

So we can actually stop users accessing pages with a thing called middleware, and what middleware does is it runs before every request that you apply the middleware to, and then it can do a check, so for example it can check whether a user is logged in. Now out of the box Laravel does come with an authentication middleware, so it'll already check whether a user is logged in or not, so for now we're just going to be using that on this. But in the next video, when we get more complex and we start using, I'm going to create our own custom middleware that'll do a roles check for
example. So for now let's just use that built-in one while we've got it.

So over in our web.php file, which is under routes, we can see we have our admin routes here. I'm just going to apply another method on here called middleware, and then in here I'm going to apply the auth middleware. Now this is something that comes with Laravel out of the box, so let's just actually take a look at this. So if we come under app/Http and Kernel.php, if we just scroll down this file to our, you can see these are the middleware we can apply to the routes out of the box with Laravel, and you can see we got that can method here, so we can use that also, and we've also got access to this auth. So let's just apply this auth middleware that comes out the box with Laravel, and then what this will do, this will check whether the user is logged in or not, and if they're not logged in it'll redirect them to the login page.

So let's just save on this now, and then this will protect everything inside of this route group. That's the power of applying groups to sets of routes, so any other routes that we put in here now, not only will they get the prefix and the name, they'll also go through the auth check. You don't have to keep remembering to apply this auth check to anything that you put in the admin routes group, it's just going to do it automatically for you.

Let's go back over to our browser now. Let's try and hit refresh on this create user page now, and as you can see that has redirected us back to the login page. So now any route within that admin group has got to pass the minimum check of the authentication middleware, so now only logged in users can access the admin panel pages.

So now in the next video let's expand upon this and let's create more custom gates where we're going to check the roles of the users, and then also create custom middleware that we can apply to our admin panel to make sure the users have a certain role within our application before we allow them through into the admin panel.

If you like
this video, don't forget to hit the like button and also hit subscribe so you get future notifications. Also, if you'd like to give me a tip or buy me a coffee, I've got a link to my Patreon down below, any donations you can make are really appreciated. I've also got a Twitter account, so I'll put a link to that in the description, so follow me along on Twitter as I always post updates on there of the upcoming videos and when they're going to be released.
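
An added example, not code from the video or its author: a Laravel feature test that checks the behaviour the captions describe, namely that the `logged-in` gate denies guests and that the `auth` middleware on the admin route group, rather than the hidden menu bar, is what blocks `/admin/users/create`. The class name `AdminAccessTest`, the `App\Models\User` factory and a login route named `login` are assumptions about the tutorial project.

```php
<?php

namespace Tests\Feature;

use App\Models\User;                  // assumption: default Laravel 8 User model and factory
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Gate;
use Tests\TestCase;

// Assumes the two pieces described in the captions are in place:
//   AuthServiceProvider::boot(): Gate::define('logged-in', function ($user) { return $user; });
//   routes/web.php:              ->middleware('auth') applied to the admin route group
class AdminAccessTest extends TestCase   // hypothetical test class name
{
    use RefreshDatabase;

    public function test_guest_is_denied_by_the_logged_in_gate()
    {
        // No authenticated user: Laravel denies the gate for guests.
        $this->assertTrue(Gate::denies('logged-in'));
    }

    public function test_authenticated_user_passes_the_logged_in_gate()
    {
        $user = User::factory()->create();

        $this->assertTrue(Gate::forUser($user)->allows('logged-in'));
    }

    public function test_guest_is_redirected_from_every_admin_url()
    {
        // Hiding the sub-nav with @can does not protect these URLs;
        // the auth middleware on the route group must redirect guests.
        foreach (['/admin/users', '/admin/users/create'] as $uri) {
            $this->get($uri)->assertRedirect(route('login')); // assumption: route named "login"
        }
    }

    public function test_authenticated_user_reaches_the_create_page()
    {
        $user = User::factory()->create();

        // At this point in the series any logged-in user is allowed through.
        $this->actingAs($user)->get('/admin/users/create')->assertOk();
    }
}
```

Placed in `tests/Feature` and run with `php artisan test`, the guest redirect test fails if a route is later added outside the protected group.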
Info
Channel: Penguin Digital
Views: 7,635
Keywords: laravel, laravel 6, laravel 7, laravel 8, laravel 9, laravel 10, php, php login, laravel login, laravel gates
Id: NkN2IKxJHx8
Length: 12min 53sec (773 seconds)
Published: Tue Dec 15 2020