Laravel 4 multiple users security

-
I am developing a multiple user web application. My concerns are about the security. I am wondering if this is the secure way to put it together?
I have done the following in filters.php, three new fitlers.
/**
*filter.php
*/
Route::filter('auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('login');
        }
    }
});

Route::filter('user', function(){
    if(Auth::guest()){
        return Redirect::route('login');
    }else{
        if(Auth::user()->role == 2){
            return Redirect::route('/users/users');
        }
    }
});

Route::filter('admin', function(){
    if(Auth::guest()){
        return Redirect::route('login');
    }else{
        if(Auth::user()->role == 1){
            return Redirect::route('/admin/admin');
        }
    }
});

Route::filter('business', function(){
    if(Auth::guest()){
        return Redirect::route('login');
    }else{
        if(Auth::user()->role == 1){
            return Redirect::route('/business/business');
        }
    }
});
In route.php I have added the following
        /**
    *
    *
    *User filter
    *
    *
    */
    Route::group(array('before' => 'admin'), function(){

        Route::resource('user', 'UserController');

        Route::get('user/dashboard', array(
            'as' =>'user-dashboard',
            'uses' => 'UserController@show'
        ));


        /*
    |admin filter
    */
    // Route::group(array('before' => 'user'), function(){
                Route::get('admin/dashboard', array(
        '      as' =>'admin-dashboard',
              'uses' => 'AdminController@getAdmin'
    ));

    // });


       /**
    *
    *
    *Bussiness filter
    *
    *
    */
    Route::group(array('before' => 'business'), function(){
        Route::get('business/dashboard', array(
            'as' =>'business-dashboard',
            'uses' => 'BusinessController@getBusiness'
        ));
    });
in AdminController.php i have added the following
public function show($id){
        $user = User::find($id);

        return View::make('admin.show')
        ->with('title', 'admin dashboard')
        ->with('user', $user);
    }
In the admin/show.blade.php file I have added the following
@extends('layouts.default')

@section('content')
    @if(Auth::check())

        @if(Auth::user()->role==1)
        <div class="container">
            <h1>{{ $user->email }}</h1>
                @else
            <p> you are not signed in</p>
        @endif
    @else
        <?php return Redirect::route('login') ?>
    @endif
@stop
in UserController.php I have added the following
public function show(){
        return View::make('users.index')
        ->with('title', 'dashboard');
    }
in users/index.blade.php I have added the following
@extends('layouts.default')

@section('content')
    @if(Auth::check())
        @if(Auth::user()->role==2)
                ........... 
                @else 
        <div class="container">
            <h3>your are not signed in</h3>
        </div>
        @endif
    @else
        <?php return Redirect::route('login')->with('global', 'your not allowed here') ?>
    @endif
@stop
and the bussiness role is done the same way.
in View files for admin
@extends('layouts.default')

@section('content')
    @if(Auth::check())
        @if(Auth::user()->role==1)
            <h2>welcome {{ Auth::user()->email }}, you are logged in as an administrator </h2>
        @else
            <p> you are not signed in</p>
        @endif
    @else
        <p><?php return Redirect::route('login')->with('global', 'your not allowed here') ?></p>
    @endif
@stop
and for users
@extends('layouts.default')

@section('content')
    @if(Auth::check())
        @if(Auth::user()->role==2)
            <h2>welcome {{ Auth::user()->email }}, you are logged in as an user </h2>
        @else
            <p> you are not signed in</p>
        @endif
    @else
        <p><?php return Redirect::route('login')->with('global', 'your not allowed here') ?></p>
    @endif
@stop

Comments

Post a Comment

Popular posts from this blog

Bootstrap Tags Input

-
Query plugin providing a Twitter Bootstrap user interface for managing tags Code on Github   Bootstrap 2.3.2   Download Examples Markup Just add  data-role="tagsinput"  to your input field to automatically change it to a tags input field. Amsterdam   Washington   Sydney   Beijing   Cairo   Show code statement returns $("input").val() "Amsterdam,Washington,Sydney,Beijing,Cairo" $("input").tagsinput('items') [ "Amsterdam" ,"Washington","Sydney","Beijing","Cairo"] True multi value Use a  <select multiple />  as your input element for a tags input, to gain true multivalue support. Instead of a comma separated string, the values will be set in an array. Existing <option />  elements will automatically be set as tags. This makes it also possible to create tags containing a comma.                 Amsterdam      ...
Read more

Laravel 5.8 Files Folders Permissions and Ownership Setup

-
Introduction:  laravel storage permissions Hello, In this post I will teach you how you can deal with files and folder permissions and ownership when you are working in laravel project.  In the modern growing development environment, security is the most important factor for any application especially when you are deploying your project on the production server. Files and folders permissions are the main things for concerned. If you are not assigning proper files and folders permission then it's mean you are giving an invitation to attackers. In other words, your system is open for public and attackers without giving proper permissions. If you are in beginner and any phase of laravel and not familiar with laravel storage permission then this post gonna help you that how you can easily laravel storage permissions . Laravel Security Issues: I have seen several time people when deploying laravel project, the first error they get is laravel storage permissions...
Read more