Creating Group Filters #483

MarcPinnell · 2022-10-25T23:01:59Z

MarcPinnell
Oct 25, 2022

Been working on a project for about a year. Switching to Shield for Auth as the project expands into a "public" branch to go along with the "admin" branch. There are three main branches:

No Auth (login, register);
the "Portal" where you have to be registered, approved and a member of the Public group
the "Admin" area where you have to be registered, approved and a member of the Staff or Admin groups

For the Public side of things you can have URLs like:

Portal/billing + More segments
Portal/support + more segments

For the Admin area, URLs could look like:

Admin/billing/generate
Admin/billing/invoice/123
Admin/support
Admin/support/ticket/123
Admin/equipment/inventory
...and hundreds more

Each branch (admin, portal) is namespaced in the controller and the next segment (billling, support, etc) are controllers.

Trying to figure out the most efficient way to restrict access based on group. I was looking at this discussion: #257 which seems to be heading in a good direction, but without having to map out every single route, I don't see how to make it work.

Is there a way to do a filter on only the first segment of a URL? Am I missing something obvious in how to handle this? I would prefer to have the permissions check in a single place and not have to do it in every controller/function if possible (too many chances for error).

Answered by lonnieezell

Oct 26, 2022

It's probably easiest to create 2 new filters - one for Portal and one for Admin. You can look at the existing SessionAuth filter and make the checks to be as specific as you want. You would use the SessionAuth filter for all of your protected routes, and then additionally use the new custom filters. So something like this for the filter:

public function before(RequestInterface $request, $arguments = null)
{
    $user = auth()->user();

    // do your checks here
    if ($user->inGroup('staff', 'admin')) {
        return;
    }

    return redirect()->route('login');
}

Then in app/Config/Filters.php:

public $aliases = [
    ...
    'admin' => My\Admin\Filter::class,
    'portal' => My\Portal

View full answer

lonnieezell · 2022-10-26T03:31:59Z

lonnieezell
Oct 26, 2022
Maintainer

It's probably easiest to create 2 new filters - one for Portal and one for Admin. You can look at the existing SessionAuth filter and make the checks to be as specific as you want. You would use the SessionAuth filter for all of your protected routes, and then additionally use the new custom filters. So something like this for the filter:

public function before(RequestInterface $request, $arguments = null)
{
    $user = auth()->user();

    // do your checks here
    if ($user->inGroup('staff', 'admin')) {
        return;
    }

    return redirect()->route('login');
}

Then in app/Config/Filters.php:

public $aliases = [
    ...
    'admin' => My\Admin\Filter::class,
    'portal' => My\Portal\Filter::class,
];

public $filters = [
    'admin' => ['before' => ['admin*']],
    'portal' => ['before' => ['portal*']]
];

1 reply

MarcPinnell Oct 26, 2022
Author

This worked great! Thanks for pointing me in the right direction!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Creating Group Filters #483

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Creating Group Filters #483

Uh oh!

MarcPinnell Oct 25, 2022

Replies: 1 comment · 1 reply

Uh oh!

lonnieezell Oct 26, 2022 Maintainer

Uh oh!

MarcPinnell Oct 26, 2022 Author

MarcPinnell
Oct 25, 2022

Replies: 1 comment 1 reply

lonnieezell
Oct 26, 2022
Maintainer

MarcPinnell Oct 26, 2022
Author