Authorization and Authentication : Laravel 5.2

Sometimes we have to produce a really simple and fast RBAC for any of our systems.

Now I will show you a really fast and easy way to do this.

First of all, remember that Laravel's out-of-the-box installation provides an entity called ‘Users’. Let's look at it.

Users class Laravel 5.2 out of the box

Changing the User class and the migration blueprint

We will make some changes to the User class to identify the user_role in the database. Remember that we have to make both changes: the User class change and the migration file change.

User class changes in $fillable attributes
Changes in the migrations file

These changes will allow us to store the role that the user takes in our system. Now we can restrict and allow the different options.


Creating the Authentication Files from console

In the console that we are using, we have to navigate to the folder that contains our application. Then, in there, we type the following:

php artisan make:auth

This will generate the whole authentication engine that comes out of the box with Laravel 5.2. Now we will look at the files created.

Executing the command

Views

Some of the files that were created are located, first of all, in

resources/views
File structure
Inside the auth folder

The auth folder has the views corresponding to the “authentication system”. First we have the emails folder, which holds the view displayed in the password recovery email (something not covered in this tutorial).

It also contains the passwords folder, which is the one used in the system for password recovery.

And last but not least, at the top of the auth folder we have the login and register views. These are the front end for registering a new user and authenticating the user.

LANDING PAGE
Login View
Register View

Controllers

In the controllers folder we find the HomeController (for more info on controllers click here), which is in charge of “protecting” and forwarding the traffic.

The info added to the controller is:

<?php

namespace App\Http\Controllers;

use App\Http\Requests;
use Illuminate\Http\Request;

class HomeController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        // Every action of this controller requires an authenticated user.
        $this->middleware('auth');
    }

    /**
     * Show the application dashboard.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        return view('home');
    }
}

Here we have to pay special attention to the following lines:

    public function __construct()
    {
        $this->middleware('auth');
    }

This asks to use the middleware named auth, which is declared in the Kernel file, which in turn manages almost all the Auth services from Laravel:

Fragment from the Kernel File

The Auth controllers are also included. These are the ones that interact most directly with the middleware.

Auth controllers

Middleware

These files are the ones in charge of making all the “magic” happen: they are in charge of determining all the login, logout, cookies and so on.

Middleware Folder

When using forms anywhere in an app that uses the Auth service, make sure you include the following in the Blade file:

{{ csrf_field() }}

This adds the CSRF token, a special token that Laravel uses to verify that the info sent to the system comes from a form rendered by our own application.

Creating Gates (permissions)

The permissions can be set in policy files or, as in this case, in the AuthServiceProvider.

Here we are setting the permissions depending on the user role.


Validating with blade the Permissions of the User

Then, with the help of the Blade functions, we can check against the gates whether the user is authorized to perform a certain activity.

Remember that the authenticated user is retrieved from the middleware that we are using for the routes, such as this:

Route using the middleware
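
One way to write the gates and the checks described above, as an added example that is not code from the original post. The role names (admin, editor, viewer) and the ability names are assumptions; user_role is the column added to the User class earlier.

```php
<?php
// app/Providers/AuthServiceProvider.php
// Added example: role names and ability names below are assumptions.

namespace App\Providers;

use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    // No model policies here; every decision is made by a gate.
    protected $policies = [];

    // Hypothetical ability => allowed roles map. A role that is not
    // listed for an ability is denied (deny by default).
    protected $roleAbilities = [
        'manage-users' => ['admin'],
        'edit-content' => ['admin', 'editor'],
        'view-reports' => ['admin', 'editor', 'viewer'],
    ];

    public function boot(GateContract $gate)
    {
        $this->registerPolicies($gate);

        foreach ($this->roleAbilities as $ability => $roles) {
            // Gate callbacks only run for an authenticated user,
            // so guests are denied without reaching this closure.
            $gate->define($ability, function ($user) use ($roles) {
                // Strict comparison: a null or unexpected user_role
                // value matches no role.
                return in_array($user->user_role, $roles, true);
            });
        }
    }
}

// Blade: hide the option from users who lack the ability.
//   @can('manage-users')
//       <a href="/users">Manage users</a>
//   @endcan
//
// Controller action (with "use Gate;" at the top of the file): enforce the
// same gate on the server, because hiding a link does not stop a direct
// request to the URL.
//   if (Gate::denies('manage-users')) {
//       abort(403);
//   }
```

Because user_role is now in $fillable, pass only validated, explicitly named fields to User::create() or update(), so that a request cannot choose its own role.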