Build administrator login into a Laravel 5 app

Connor Leech
Mar 1, 2018
Get ready to administrate.

Authorization can be tricky. There are thousands of posts about how to perform authentication, but deciding what a logged-in user is allowed to do and managing user permissions can be a whole can of worms. Fortunately, Laravel has systems in place that make a tiered login system very easy to implement.

Before we get started I’d like to give props 👏 to Nick Basile and his excellent blog posts on this topic. To add authentication to a Laravel 5 app, all you need is one command:

$ php artisan make:auth

That’s it. If you’re new to Laravel, welcome. For Laravel developers this feature has been around for a long time. Now we’ve got our auth system with login forms and everything. That all works, but for the purposes of this post we’re interested in authorization.

Source code for this article is available on GitHub.

These two commits are where it all went down.

I am using Laravel 5.5 right now, the latest release. The only specific Laravel 5.5 thing going on is the @guest helper in the frontend Blade directives. In the HTML section of the application, these helpers allow us to easily check if the user is logged in or not:

@auth
// The user is authenticated...
@endauth

@guest
// The user is not authenticated...
@endguest

If you’re not using Laravel 5.5 there are other workarounds but you might as well upgrade to the latest version for the new features!

There are lots of ways to build an authorization system. There are pre-built packages that allow you to manage roles and permissions. I’m sure they’re great as they are maintained by Spatie, who makes all the bomb Laravel packages. For this though, I didn’t want to bring in a heavy package and make it work. All I wanted for this Laravel app was to have a little quiet place that only I, as an administrator, can log in to. Everyone else can log in and see their dashboard or profile or whatever, but only I can log in and see an admin page.

We achieve this by adding a type column on the users table and checking whether a user has that type via custom middleware. It sounds fancy but it’s pretty easy!

1. Add the types you want to the User model and a method to check if a user is an admin.

/* app/User.php */
const ADMIN_TYPE = 'admin';
const DEFAULT_TYPE = 'default';

public function isAdmin()
{
    return $this->type === self::ADMIN_TYPE;
}

2. Add the type column to the migration that created your users table

/* database/migrations/2014_10_12_000000_create_users_table.php */
$table->string('type')->default('default');

3. Add a type value to the create method in register controller

/* app/Http/Controllers/Auth/RegisterController.php */
protected function create(array $data)
{
    return User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => bcrypt($data['password']),
        'type' => User::DEFAULT_TYPE,
    ]);
}

4. Create a custom middleware file to check if a user is an admin. Generate this file using php artisan make:middleware IsAdmin

5. Register the middleware you just created

/* app/Http/Kernel.php */
'is_admin' => \App\Http\Middleware\IsAdmin::class,

6. Add some routes that invoke the middleware

/* routes/web.php */
Route::view('/', 'welcome');

Auth::routes();

Route::get('/home', 'HomeController@index')
    ->name('home');

Route::get('/admin', 'AdminController@admin')
    ->middleware('is_admin')
    ->name('admin');

7. Create an admin controller with php artisan make:controller AdminController. This controller returns the dashboard for whatever view you want your admin to see.
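
Step 4 generates an empty middleware class, and its body is not shown above. One way to fill it in, as an added example rather than the code from the article's repository: it relies on the isAdmin() method from step 1 and the login route registered by Auth::routes(), and the choice of a login redirect for guests and a 403 for non-admins is an assumption.

```php
<?php
// app/Http/Middleware/IsAdmin.php
// Added example, not the article's own code.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class IsAdmin
{
    /**
     * Let the request through only for a logged-in user whose
     * type column equals User::ADMIN_TYPE (see User::isAdmin()).
     */
    public function handle($request, Closure $next)
    {
        $user = Auth::user();

        // Not logged in: Auth::user() is null, so calling isAdmin()
        // on it would be a fatal error. Send guests to the login form
        // (the "login" route comes from Auth::routes()); redirecting
        // here is an assumption of this example.
        if ($user === null) {
            return redirect()->guest(route('login'));
        }

        // Logged in but not an admin: fail closed with 403 Forbidden.
        // (The 403 is an assumption; a redirect to /home also works.)
        if (! $user->isAdmin()) {
            abort(403);
        }

        // Only admins reach the controller behind this middleware.
        return $next($request);
    }
}
```

The /admin route in step 6 attaches only is_admin, so this middleware has to handle guests itself instead of assuming a user is already logged in.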

Now if you visit /admin and you’re not logged in, or not logged in as an administrator, you won’t be able to access the page. In order to create an admin user you can use the tinker artisan command:

$ php artisan tinker
>>> use App\User;
>>> User::where('email', 'connorleech@gmail.com')->update(['type' => 'admin']);

Then when you log in as that user you will be able to see the admin page! Full codebase below. You can also check out these related articles about building a task list and the repository design pattern.

Thanks for reading! If you enjoyed this article please give it a clappy or a share on the social medias.
