Reputation: 971
I would like to separate 2 types of users: the Admin and the basic user. The Admin can create several recordings, whereas the basic user can only see them.
Here, the Admin user adds a recording.
My second user can only see the recordings, but I don't know how to do this.
My questions:
1) Must I create a field in my "students" table?
I have this for now:
    // students
    public function up()
    {
        Schema::create('students', function (Blueprint $table) {
            $table->bigIncrements('id');
            $table->string('name');
            $table->string('firstname');
            $table->timestamps();
        });
    }

    // users
    public function up()
    {
        Schema::create('users', function (Blueprint $table) {
            $table->bigIncrements('id');
            $table->string('name');
            $table->string('email')->unique();
            $table->timestamp('email_verified_at')->nullable();
            $table->string('password');
            $table->rememberToken();
            $table->timestamps();
        });
    }
My 2 models:
    // Student
    class Student extends Model
    {
        protected $fillable = ['name', 'firstname'];
    }

    // User
    class User extends Authenticatable
    {
        use Notifiable;

        /**
         * The attributes that are mass assignable.
         *
         * @var array
         */
        protected $fillable = [
            'name', 'email', 'password',
        ];

        /**
         * The attributes that should be hidden for arrays.
         *
         * @var array
         */
        protected $hidden = [
            'password', 'remember_token',
        ];

        /**
         * The attributes that should be cast to native types.
         *
         * @var array
         */
        protected $casts = [
            'email_verified_at' => 'datetime',
        ];
    }

2) Must I create an Admin class?
Upvotes: 0
Views: 93
Reputation: 2602
You can use Laravel guards or something like a package to control user access inside your application. This one can help you to do this.
Basically, what you need is this:
Create a permissions table:
    php artisan make:model Permission -m
Here is what your table should look like:
|---permissions---|
| id |
| slug |
| description |
| name |
|-----------------|
Then, create a user_has_permissions table:
    php artisan make:migration create_user_has_permissions_table
This table should look like this:
|---user_has_permissions---|
| user_id |
| permission_id |
|--------------------------|
The second table stores the user permissions.
Add a relationship to your user model:
    public function permissions()
    {
        return $this->belongsToMany(Permission::class, 'user_has_permissions');
    }
The function above returns all user permissions.
Add another function to check if the user has some permission:
    public function hasPermission($permissionSlug)
    {
        return (bool) $this->permissions()->where('slug', $permissionSlug)->count();
    }
If the user has the permission, hasPermission returns true. Otherwise, it returns false.
Now, you can use Laravel gates and policies to control access to some areas of your app:
First, create a policy to use with your gate:
    php artisan make:policy VerifyUserPermissionPolicy
This policy will be placed into the app/Policies directory.
Add two methods to your new policy:
    public function onlyViewRecords(User $user)
    {
        return $user->hasPermission('only-view-records');
    }

    // And this one:
    public function admin(User $user)
    {
        return $user->hasPermission('admin');
    }
Don't forget to add the admin and only-view-records permissions to your permissions table.
Within your app/Providers/AuthServiceProvider file, add these lines within the boot method:
    Gate::define('admin', '\App\Policies\VerifyUserPermissionPolicy@admin');
    Gate::define('only-view-records', '\App\Policies\VerifyUserPermissionPolicy@onlyViewRecords');
Now, you can check for user permissions using the Laravel can method:
    if ($user->can('admin')) {
        // What can an admin do?
    }
    if ($user->can('only-view-records')) {
        // What can this type of user do?
    }
Or, if you prefer, use Gate:
    if (Gate::allows('admin')) {
        // The user can execute admin actions
    }
    if (Gate::allows('only-view-records')) {
        // This user can only view some records
    }
Again, if you check this package, this will be so much easier.
Hope it helps.
Upvotes: 2
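An added example, not part of the original answer: one way to enforce the two gates defined above on the server side, so that a basic user cannot create a recording by sending the request directly even when the form is hidden from them. The controller name, view name, route name, `App\Student` namespace and validation rules are assumptions for illustration.

```php
<?php
// Added example (not from the original answer). Assumes the 'admin' and
// 'only-view-records' gates above are registered in AuthServiceProvider and
// that these actions are routed behind the 'auth' middleware.

namespace App\Http\Controllers;

use App\Student; // namespace assumed; the question does not show it
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

class StudentController extends Controller // hypothetical controller
{
    // Listing is allowed for either role: an admin does not necessarily
    // hold the 'only-view-records' permission, so both gates are accepted.
    public function index()
    {
        abort_unless(Gate::any(['admin', 'only-view-records']), 403);

        return view('students.index', ['students' => Student::all()]);
    }

    // Creating a recording is admin-only. Gate::authorize() throws an
    // AuthorizationException, rendered as HTTP 403, when the gate denies.
    public function store(Request $request)
    {
        Gate::authorize('admin');

        // Accept only the two columns the Student model declares fillable.
        $data = $request->validate([
            'name'      => 'required|string|max:255',
            'firstname' => 'required|string|max:255',
        ]);

        Student::create($data);

        return redirect()->route('students.index');
    }
}
```

The check runs before any data is read or written, so the same rule applies to the web form, to API clients and to hand-crafted requests.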