i have been following this series from the very beginning and i learned a lot thanks for this knowledge share
who are master of any skill he can describe in easy way even beginner can learn, so dude you are a master of Laravel thanks for such a nice material
Fantastic !! Thank you so very much !! Your videos are reliefs for novices like us !!
Man, I said yesterday, - u definitely have a teacher talent. Thank you. Appreciate ur good english which sounds nice. And ofcs, the explanation. At that point, I can say, u're the only one who can compete with Laracasts at explanation/clarity/sound qualities. Good, deep data. Ofcs, I've read all of it in docs, but it's just nice to have a video representation with clear examples. Wish u a good health. And ofcs, I already noticed Facades video, will watch it soon ;)
Facade video is 🔥 great stuff in there
Hey Coder's Tape, Please make a full project tutorials series
Was having issues grasping the idea behind Policies. After watching this, I set up my access control list in my project using policies in less than 10 minutes. Thank you so much!
Omg dude I have been following you for so long. The very first Laravel course I did was from you on Udemy. You were and still are an amazing teacher. I remember you talking about Relationships and was very thorough with everything. Keep it up. And Thank you!
This is what I've been looking for!!!! You r da best man!!! :D
Policies! Thank you! I was looking forward to this.
In some cases it feels like such a thin line between policies and middleware that I'm not 100% sure when to use the one or the other...
all your tutorials are amazing, thanks it has been a great help
THANKS!, Best laravel video tutorials, thanks sr
Thank you so much! Very helpful video.
All your tutorials are amazing, thanks it has been a great help :-)
Just love the way you explain things so nicely you got my sub bro... happy coding
Victor the living Legend
precisely what I wanted. thanks for the awesome video!
The BEST as always!
You are Great!!!! I am learning a lot. your explanation is crystal clear.
I have a question though, if we use middleware in web.php for the store.
and if we log out, we are able to access to the Customers page, because the middleware('auth') is removed.
Nice job. Thanks
How Awesome
Hi, I have a relevant question
I watched the video, and I totally understand it. But I have a problem I can't detect
When I only want to check if the user is logged in, meaning that I create the policy but don't make any conditions like your "return in_array($user->...etc)", just return true. When I apply that authorization, it always return a false value like I'm not signed in, although I am. So what could the problem be?
Superb. ...
many thanks sir. Is it possible to redirect the user to the login page, if the user is not unauthorized? Google shows me many options with the handle.php, but none of them work in laravel 6.0
With Laravel 7.x I have a weird problem inside the controller. If I use $this->authorize('delete', $user, $post); It won't work. but if I use $user->can('delete', $post); it will work.
Inside the policy I check (if the user is an admin or (if the user is an author and owns the post)). Both $user and $post are models extracted from the DB before calling $this->authorize and $user->can.
Should I keep it with $user->can if it works or should I try to find why it doesn't work with $this->authorize and fix it ?
I got this error
public function __call($method, $parameters)
{
    throw new BadMethodCallException(sprintf(
        'Method %s::%s does not exist.', static::class, $method
    ));
}
Method App\Http\Controllers\CustomerController::authorize does not exist
Thanks a lot!
You are crazy cool !!!
Thanks
Thank you, sir, can you please make a lecture about helpers like ci helpers which we can access in view.
So we don't need to use default(0) to make it one for such amazing tech thanks sir
When you share with us a tutorial for how to create a second admin?
Two questions:
- How would I authorize related models? For example, tags related to a project (that I can only see, edit, etc if I'm a member of the project)
- Wouldn't be better to centralize the policies inside an observer, in case you add a new controller and end up forgetting adding the authorize check.
Thank you
No problem
Nice video
Thanks
Nice video and incredible course! i have a doubt about Controllers: is it a good practice create smth like ModelController and AdminModelController to separate functions between a customer and an admin? In my case, for example, i have a Code Model so basically an admin will create, edit and remove codes and a customer will buy and watch their own.
Controllers must follow the 7 REST verbs. Watch the 4 parts of controllers in this course, I think it will clear a lot.
sorry i am beginner for laravel , i want to make authentication but not using laravel default "make:auth" , how i can do ?
is this the best practice to do it? or i can do it with middleware?
What if we have a page, where is deleted/updated several models? Or is displayed some information, where models are not used? Can we also use policies for that?
I’m not understanding your question
@@CodersTape Let's say we have a form to store data in database. But this form is storing data in two tables. So then we have two models on the same form. How we should use policies in such case? Do we create two policies for each model and them call to them from controller?
Fantastic tutorial, keep it up! However, I have roles table and users table bounded by one-to-many relationship. How can make policy that accepts only users (in users table) that have role named 'admin' (in roles table)?
What you are describing would not work as a one-to-many relationship. You need to refactor that to a many-to-many, then you can do the check in several ways, but here's the easiest.
You would grab the authenticated user and then find its role.
Something like this (untested code, but the basic idea is there)
// true when the authenticated user has a role named "admin"
auth()->user()->roles()->where('name', 'admin')->exists()
This is assuming that the column name in the roles table is name
@@CodersTape My intention is to stick to concept that one user can only have one role (user or admin). What is the cleanest method to restrict access with that concept in mind? I have very simple CRUD application with guest/user/admin views.
The cleanest method for this is to not have a role table at all. Add a column to the user table and you can call it is_admin and set a default of 0. Then for any users with admin privileges, set that to 1.
In your policy, simply write return $user->is_admin;
Very simple approach.
@@CodersTape Yes, that's very elegant approach and surely I will use it in future projects, however current one is an assignment from university... Using your policy I can switch views between guest/auth/admin, but I don't know how to show content only for user? How could I add more policies if I had to add more roles? Thank You kindly for your help. :)
Um, where's the link to Laravel 5.8 Tutorial From Scratch ep1 or the group of these videos?
coderstape.com/series/5-laravel-58-tutorial-from-the-ground-up
Cool, I didn't know about @can
Is it possible style manipulation by admin, for instance admin changes the app to dark theme👏
Yeah that's possible
if i understand this correctly, when i create a method called "test" in my policy and i return true it should work in the controller as $this->authorize('test');
I guess technically yes.
do we need to authorize the user in store method when we are ultimately hiding the add new customer link? i mean no such need isn't it
I think it's still important as some curious users or malicious users might want to bypass your restrictions
Yes you have, because it's possible to bypass the links by going directly to the URL in the browser, for instance.
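Added example (not part of the thread and not the channel's code): a Laravel feature test that checks the point made in the replies above, that the store endpoint itself refuses a user the policy rejects, whatever the view hides. It assumes a POST /customers route handled by CustomerController@store, a CustomerPolicy that allows admin@email.com, the name/email form fields, and the factory() helper of the Laravel 5.8 to 7.x versions discussed here; the file name is hypothetical.

```php
<?php
// tests/Feature/CustomerStoreAuthorizationTest.php (hypothetical file name)

namespace Tests\Feature;

use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class CustomerStoreAuthorizationTest extends TestCase
{
    use RefreshDatabase;

    // Constructed sample input. The field names are an assumption;
    // match them to the validation rules of your store() method.
    private $payload = [
        'name'  => 'Constructed Customer',
        'email' => 'customer@example.test',
    ];

    /** A signed-in user the policy rejects gets 403 on a direct POST. */
    public function test_rejected_user_cannot_store_customer()
    {
        $user = factory(User::class)->create(['email' => 'regular@example.test']);

        // The request is sent straight to the route, as a browser or
        // script would do without ever seeing the hidden link.
        $this->actingAs($user)
            ->post('/customers', $this->payload)
            ->assertStatus(403);

        $this->assertDatabaseMissing('customers', ['email' => $this->payload['email']]);
    }

    /** The same request from a user the policy allows is stored. */
    public function test_allowed_user_can_store_customer()
    {
        // Assumption: the policy's create() allows this address.
        $admin = factory(User::class)->create(['email' => 'admin@email.com']);

        $this->actingAs($admin)->post('/customers', $this->payload);

        $this->assertDatabaseHas('customers', ['email' => $this->payload['email']]);
    }
}
```

The first test fails when store() has no $this->authorize('create', Customer::class) call, which is the case the question describes.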
its working if i use
@can('create',App\Customer::class) instead of ('view',$customer)
Show
@endcan
How about gates?
what if i have another method instead of create,delete,store etc.. ?
You can still use $this->authorize() on any method in your controller. It will still work.
That user #5 though, Gaylord and Haley xD
thanks, very helpful series!! but i am not sure at all whats the "benefit" of renaming the $policies to "Customer" ...the application works like before...
In previous versions of Laravel, the policies were not auto-discoverable. I am showing you how to manually link those up in case you are working on an older codebase with a Laravel version where it needs to be manually linked up. But you are right, there is no benefit at all in the new versions of Laravel.
Why don't we need to register it in AuthServiceProvider?
It will auto discover policies.
Does super users have ability to suspend a user, while the user is logged in❗
That will depend on how you code your application
its not working.. i am using for this email:admin@email.com but it works for all and not showing the relevant view
ok i found the mistake as i was facing the same issue... the issue was that the policy name should be same as the model name with a Policy suffix.. so if the model name is Customer the policy name should be CustomerPolicy in order for laravel to automatically discover policies... cheers
@@aamishirfan3334 thanks dude
Can you please make a video with github.com/spatie/laravel-permission
This means that roles can be assigned certain permissions and the roles can also be changed and updated via the graphical user interface.
its not working.. giving 403 even on authorized email
ok i found the mistake... the issue was that the policy name should be same as the model name with a Policy suffix in order for laravel to automatically discover the policy.. cheers
@@aamishirfan3334 Awesome!
@@CodersTape thanks ;)
@@CodersTape do we need to authorize the user in store method when we are ultimately hiding the add new customer link? i mean no such need isn't it